DeepWiki
PassAudited by ClawScan on May 1, 2026.
Overview
DeepWiki is a coherent, purpose-aligned skill that sends repository questions to the disclosed DeepWiki MCP service and does not show credential use, persistence, destructive actions, or hidden behavior.
This skill appears safe for its stated purpose of querying public GitHub repository documentation through DeepWiki. Before installing, make sure you are comfortable sending your repository questions to mcp.deepwiki.com and avoid including confidential information.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your repository query details and question text may be visible to the DeepWiki service.
The script sends user-supplied repository names, questions, and wiki paths to the external DeepWiki MCP server. This is disclosed and purpose-aligned, but users should avoid including sensitive private information in prompts.
const SSE_URL = 'https://mcp.deepwiki.com/sse'; ... params = { repoName: repo, question: extra }; ... params = { repoName: repo, path: extra };Use it for public repository documentation as described, and avoid putting private code, secrets, or confidential context into questions.
The skill may fail unless Node.js is already available in the environment.
The documented usage depends on Node.js, while the registry requirements declare no required binaries. This is an under-declared runtime dependency rather than suspicious behavior.
node ./scripts/deepwiki.js ask <owner/repo> "your question"
Confirm Node.js is installed before use, or update the metadata to declare Node as a required binary.