Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Deerflow
v1.1.1 · Deep research and async task execution via DeerFlow LangGraph engine. Submit multi-step research tasks through a lightweight API-only Docker deployment (no f...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a lightweight API-only integration and includes Python helper scripts — python3 requirement is appropriate. However the runtime instructions require git and Docker/docker-compose (clone a GitHub repo and run `docker compose up`), yet the metadata only lists python3 and does not declare git/docker as required binaries. That mismatch reduces transparency and is disproportionate to what's declared.
Instruction Scope
SKILL.md instructs cloning https://github.com/bytedance/deer-flow, editing a .env to add model API keys (OPENAI_API_KEY, MINIMAX_API_KEY, etc.), and running containers. The skill's helper scripts only call local LangGraph endpoints, which is consistent. Be aware the deployed DeerFlow services may call back to OpenClaw (config has OPENCLAW_URL/notify), and the deployment will hold your model API keys in its .env — the instructions therefore implicitly direct the user to provide sensitive credentials to the deployed service.
Install Mechanism
There is no formal install spec in the skill bundle, but the documentation tells the user to git-clone a third-party repo and run its Docker compose deployment. That effectively installs and runs external code/images not provided in the skill. Running unvetted Docker images from a remote repository is a significant operational risk and should be reviewed before execution.
Credentials
The skill itself does not request environment variables or credentials (metadata lists none), which is coherent for the helper scripts. However the deployment instructions require LLM provider API keys stored in the DeerFlow .env; those secrets are necessary for the deployed service to operate but are not managed by the skill. Users should not assume the skill will safeguard those keys — they will live in the deployed stack's environment and/or images.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It is user-invocable and can be called autonomously (normal). The skill's files do not modify other skills or agent configs. No persistence or privilege escalation is requested by the bundle.
What to consider before installing
This skill appears to do what it says (submit and poll DeerFlow LangGraph tasks), but before installing:
1) note the SKILL.md requires git and Docker/docker-compose even though the metadata omits them — install and review those prerequisites first;
2) the instructions clone and run a third-party GitHub repo and its Docker images — review the repository and the images (Dockerfile, image sources, tags) for trustworthiness before running them;
3) the DeerFlow deployment requires LLM API keys stored in a .env (OPENAI_API_KEY, MINIMAX_API_KEY, etc.) — treat those as sensitive secrets and avoid exposing them to untrusted images or public networks;
4) consider running the stack in an isolated environment (VM) and inspect network callbacks (OPENCLAW_URL/notify) if you want to control what the deployed services can reach.
If you need greater assurance, ask the publisher for signed releases or a reproducible image provenance and for the skill metadata to declare docker/git as required binaries.
Like a lobster shell, security has layers — review code before you run it.
latest vk97ey7hc2t5tk0wcw1epk8q9p1847vpd
Runtime requirements
OS: Linux · macOS
Bins: python3
