ClawHub

Desk Research

v1.0.0

Structured desk research workflow for market, company, policy, product, and competitor questions. Use when a user asks for secondary research, landscape scan...

0· 104·0 current·0 all-time
by@draco-kzn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included reference documents and the SKILL.md workflow. The skill requires no binaries, env vars, or config paths and the five reference files are appropriate source material for a desk‑research helper.
Instruction Scope
Instructions stay within the research purpose (define brief, build source plan, extract claims with source/date, synthesize, run self‑challenges). They reference only local reference files provided. One minor openness: the SKILL.md says 'Find sources' but does not prescribe which network/tooling to use, leaving implementation discretion for how the agent fetches web sources — that could enable network access depending on the agent's tool config. The workflow itself does not instruct reading unrelated system files or exfiltrating secrets.
Install Mechanism
No install spec and no code files — instruction‑only skill. Nothing will be downloaded or written by an installer.
Credentials
No required environment variables, credentials, or config paths are declared. All required inputs are research briefs and public sources, which is proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not request permanent system presence or to modify other skills. The skill permits autonomous invocation (platform default) but that is normal and not excessive here.
Assessment
This skill appears coherent and low risk: it is a packaging of a research methodology and templates, with no installs or secrets requested. Before installing, consider: (1) confirm which agent tools are allowed to perform web searches or HTTP calls — the SKILL.md expects the agent to 'find' and extract sources but does not constrain which network tools are used; restrict web access to approved connectors if you need control; (2) require the agent to cite verifiable public links and avoid using private credentials or internal docs unless you explicitly allow it; (3) review a sample output to ensure the agent actually includes source/date fields and separates facts from interpretation as the workflow mandates. If you want extra caution, disable autonomous invocation for this skill or monitor its first few runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxwk9a8nrb5rxyyazzt47cn835a08

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments