ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deep Research Executor

v0.1.0

Execute deep research by performing comprehensive web searches and synthesizing findings into detailed reports. This skill enforces strict search protocols t...

0· 101·0 current·0 all-time
by@bird-frank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the SKILL.md: both describe bilingual, deep web search and synthesis into a saved report. The requested actions (search, analyze, synthesize, write a report) are coherent with the stated purpose.
!
Instruction Scope
Instructions require using search tools and then fetching arbitrary URLs ("fetch content using appropriate tools and extract relevant information ALWAYS with subagent") and to read a JSON research plan and write files (report/ and index.md). The SKILL.md does not constrain what sources are acceptable, how to handle authentication-protected content, nor does it define what the 'subagent' is or its privileges. This gives the agent broad discretion to perform network fetches and modify workspace files.
Install Mechanism
Instruction-only skill with no install spec, no binaries, and no packages — minimal installation risk because nothing is downloaded or written by an installer.
Credentials
The skill declares no environment variables or credentials, which is reasonable for public web research. However, the instructions may require network access and the ability to write to the agent workspace (report/ and index.md). Those runtime permissions are not declared in metadata and should be confirmed before granting.
Persistence & Privilege
always:false and user-invocable:true are appropriate. The skill does request writing to files in the workspace but does not request persistent platform-level privileges or modification of other skills' settings.
What to consider before installing
This skill appears to do what it says (bilingual web searches and report generation), but it instructs the agent to fetch arbitrary web pages, spawn/ use a 'subagent', and write/append files (report/ and index.md) without documenting required runtime permissions. Before installing or enabling it: 1) Confirm your agent runtime/network policy — do you allow unbounded outbound web fetches and subagent creation? 2) Ensure the agent's workspace permissions are acceptable (it will create/modify files). 3) Prefer user-invocation only (keep autonomous invocation off) if you don't want the agent to run this autonomously. 4) Ask the skill author (or inspect the environment where it will run) for clarification on what "subagent" means and whether any credentials or access to private resources might be used. If you provide a research plan, avoid including secrets or private URLs in it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ea9716yf3x844nqfd620511837zrg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments