Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Research Assistant

v1.0.0

Research assistant using ReAct + Plan-and-Solve for web research, information synthesis, and report generation with citations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description promise web research with tool use (ReAct) and Plan-and-Solve. The supplied code implements planning and prompt-driven synthesis but does not perform real web searches, page fetches, or tool integration — it returns simulated sources (https://example.com/...) and uses a default LLM stub. This mismatch suggests the package is a stub or incomplete rather than actually providing the advertised web-research capability.
Instruction Scope
SKILL.md instructs the agent to 'Search web', 'Fetch pages', 'Extract info', and run ReAct loops. The runtime instructions in SKILL.md are consistent with a web-research tool, but the code does not implement those actions and instead simulates results. The documentation could lead a user to expect network activity and real citations that this version does not perform.
Install Mechanism
No install spec and no downloads; the skill is instruction-plus-source only. Nothing is written to disk by an installer, which reduces install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to the included implementation (which performs no network I/O or external API calls).
Persistence & Privilege
always is false and there is no mechanism shown to modify agent-wide configs or persist credentials. The skill does not request elevated persistence or privileges.
What to consider before installing
This package appears to be a stub: it documents ReAct-based web research but the code returns simulated sources (example.com) and a placeholder LLM response. Before installing or relying on it:

1) confirm whether you need a real web-search/HTML-fetch implementation — this version does not perform network fetching;
2) if you expect real searches, request the author to show where/how search APIs and credentials would be used;
3) do not trust the generated 'citations' from this version — they are synthetic;
4) if a later version adds network calls or credentials, review those changes carefully (endpoints, required env vars, and install steps) and test in a sandbox.

If you only need a local prompt-driven report generator (no live web access), this code may be acceptable but limited.

Like a lobster shell, security has layers — review code before you run it.


