target research
ReviewAudited by ClawScan on May 13, 2026.
Overview
This research skill is mostly purpose-aligned, but it should be reviewed because it automatically copies generated reports to Google Drive via rclone without clearly declaring or requesting that permission.
Install only if you are comfortable with generated target-research reports being saved locally and uploaded to the configured Google Drive `gdrive:` remote. Before use, verify that the rclone remote points to your intended account, and consider disabling or requiring confirmation for the upload step if the target or analysis is confidential.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated report may be copied to Google Drive automatically, which could expose confidential target-research work or business strategy if the user expected local-only output.
The skill makes a raw CLI cloud-copy command part of the default workflow. The command is scoped to the generated local report, but the artifact does not require an explicit user approval step before uploading.
Step 4.5: 上传 Google Drive — rclone copy 至 `gdrive:OpenClaw/靶点调研/`
Make Google Drive upload opt-in, ask for confirmation before running rclone, and provide a local-only mode.
The agent may use whichever Google Drive account is configured as `gdrive:` on the machine, creating or updating cloud files under that account.
Using an rclone Google Drive remote normally depends on an existing local authenticated profile, while the registry metadata declares no primary credential, environment variable, or config path. The affected account and permissions are therefore not made clear to the user.
Google Drive 上传: `rclone copy {本地文件} gdrive:OpenClaw/靶点调研/`Declare the rclone dependency and credential/config requirement, show which remote/account will be used, and require user confirmation before cloud upload.