AI Deep Research Agent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent YouMind research integration, with expected notes around installing a CLI, using a YouMind API key, sending research topics to YouMind, and bounded background polling.

Before installing, make sure you trust YouMind and its npm CLI, set YOUMIND_API_KEY in your environment or config rather than pasting it into chat, and avoid sending confidential research topics unless you are comfortable saving them to your YouMind board.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent can run YouMind CLI commands for this workflow and a local Node parsing command when invoked.

Why it was flagged

The skill permits broad YouMind CLI calls and inline Node execution; the documented use is to create/poll a research chat and parse JSON, but users should be aware of the broad tool surface.

Skill content
allowed-tools:
  - Bash(youmind *)
  - Bash(node -e *)
Recommendation

Use the skill for intended YouMind research tasks and review any command if the agent proposes actions outside creating or retrieving a research report.

ASI03: Identity and Privilege Abuse
Low
What this means

Installing and using the skill gives the workflow access to act through the configured YouMind API key.

Why it was flagged

The skill requires a YouMind API key to access the user's YouMind account, which is expected for this integration.

Skill content
primaryEnv: YOUMIND_API_KEY
requires:
  anyBins: ["youmind", "npm"]
  env: ["YOUMIND_API_KEY"]
Recommendation

Use a key you trust for this service, keep it in configuration or environment variables, and do not paste it into chat.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The local environment will depend on the npm-published YouMind CLI package if the user installs it.

Why it was flagged

The setup relies on a globally installed npm CLI package without a version pin. This is central to the skill's purpose but is still a supply-chain dependency.

Skill content
npm install -g @youmind-ai/cli
Recommendation

Install the CLI only if you trust the package source, and consider reviewing the npm package details before global installation.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Research prompts and generated reports may be stored in the user's YouMind account.

Why it was flagged

The skill discloses that research outputs are stored in YouMind, meaning user research topics and generated reports leave the local agent context for an external provider.

Skill content
Research reports are saved to your YouMind board.
Recommendation

Avoid submitting confidential research topics unless you are comfortable storing them in YouMind.

ASI10: Rogue Agents
Info
What this means

The agent may continue polling for research completion after returning control to the user, for up to the stated timeout.

Why it was flagged

The skill asks the agent to use a background task for long polling, but it is disclosed, task-scoped, and bounded by a timeout.

Skill content
spawn a subagent/background task for the polling work... Timeout: 300 seconds
Recommendation

Use this only when you want a long-running research task, and cancel or stop the task if you no longer need the result.