Research Assistant
v1.0.1
Structured web research framework for AI agents. Teaches your agent to conduct multi-source research, synthesize findings into actionable briefs, maintain a...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: the SKILL.md explains planning, searching, synthesizing, and storing briefs in a local research/ directory. Asking the user/agent to create a research folder and save briefs is consistent with the stated purpose. The only slightly disproportionate bit is the explicit instruction to add lines to AGENTS.md, SOUL.md, or the system prompt — that is plausible for integrating a workflow but is a privileged action (persisting behavior across sessions).
Instruction Scope
The instructions direct the agent (or the user) to read and write files under a research/ workspace (expected), but also to add content to the agent's system prompt or AGENTS.md / SOUL.md. That effectively modifies the agent's long-term behavior and could be used for prompt persistence. The pre-scan flagged the 'system-prompt-override' pattern because the SKILL.md explicitly shows text intended to be copied into a system prompt; while expected for integration, this raises prompt-injection/persistence risk and should be reviewed manually before pasting into privileged prompts. The SKILL.md does not ask to read unrelated system files or secrets, which is good.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be downloaded or written by an installer. This minimizes supply-chain risk.
Credentials
The skill requests no environment variables, credentials, or external config paths. All required actions are local file reads/writes within a user-created research/ directory, which is proportionate to the stated function.
Persistence & Privilege
The skill itself doesn't request always: true or autonomous privileges, but it instructs the user/agent to add persistent instructions to system prompts and to set up automated 'monitor' triggers. If you follow those instructions, the behavior becomes persistent and can lead to recurring autonomous actions by the agent. This is a user-driven persistence risk rather than an automatic installer privilege, but it deserves caution.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md explicitly includes text intended to be copied into an agent system prompt (e.g., 'Add to your AGENTS.md, SOUL.md, or system prompt'). For a research-assistant blueprint this is plausible, but it is exactly the pattern that enables prompt persistence/injection so it should be treated as a security-sensitive action and reviewed before applying to privileged prompts.
What to consider before installing
This skill appears to be what it says (a structured research workflow) but contains instructions that can persistently change your agent's behavior. Before installing or copying anything into agent/system prompts:
1) Verify the author/source — there is no homepage and the publisher is unknown.
2) Never paste these instructions directly into a privileged system prompt without review; instead, implement them as a user-level guideline or in a sandboxed agent.
3) If you want automated monitoring, prefer an external scheduler you control (cron, task runner) rather than granting the agent autonomous scheduling.
4) Review and limit the agent's autonomy and outgoing channels (no webhooks, no ability to send data externally) so created briefs/monitor files cannot be exfiltrated.
5) Monitor the research/ directory after first runs and remove or restrict any persistent prompt changes if unexpected behavior occurs.
If you can confirm the skill's author identity or get an explicit explanation of how automated triggers are executed (e.g., they require you to run a scheduler you control), that would increase confidence and could make this benign.
Like a lobster shell, security has layers — review code before you run it.
