Deep Research
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches a deep-research workflow, but it asks to run multiple non-interactive Claude subprocesses with broad file, shell, web, and MCP access, so users should review and narrow permissions before use.
Use this skill only after reviewing the proposed plan and permissions. Prefer a sandbox or dedicated project folder, reduce child-agent allowed tools where possible, avoid Bash/Edit for children unless truly needed, and do not use external web/MCP collection for confidential internal material unless approved.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A child research subprocess could run shell commands or modify/read local files under the user's account if its prompt, inputs, or retrieved content lead it in that direction.
The skill delegates work to non-interactive child agents and recommends broad local file, shell, web, and MCP permissions. This is aligned with the research purpose, but the artifact does not clearly enforce path limits or per-action review for child subprocesses.
子目标数量 ≥3 时必须启动 `claude -p` 子进程 ... `--allowedTools "Read,Write,Edit,Bash,Glob,Grep,WebFetch,WebSearch,mcp__firecrawl__firecrawl_scrape,mcp__firecrawl__firecrawl_search"`
Before use, narrow child `--allowedTools` to the minimum needed, avoid giving Bash/Edit to child agents unless necessary, and keep all writes restricted to a dedicated .research directory.
Running many child agents can consume compute/API quota and continue working in the background until timeouts complete.
The skill intentionally launches parallel background child-agent jobs. It includes timeouts, logs, and a user-confirmation step, so this appears disclosed and purpose-aligned rather than hidden persistence.
小规模任务(<8 个)用循环 + 后台任务(或队列控制)实现并行 ... 默认并行 8 个 ... `timeout 600 claude -p`
Confirm the planned number of child processes, timeout values, and log locations before starting; reduce concurrency for sensitive or resource-limited environments.
The skill may fail or behave differently depending on what local CLIs and MCP servers are already installed and configured.
The metadata does not declare runtime dependencies even though the skill text relies on external commands and integrations such as `claude -p`, `timeout`, GNU Parallel/xargs, and MCP tools.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Document and verify required local tools before use, especially the Claude CLI and any MCP providers used for web collection.
Sensitive research topics, links, prompts, or intermediate findings may remain on disk after the task.
The workflow persists prompts, raw collected data, logs, cache files, child outputs, and final reports. This is expected for auditability, but it creates retained local research context.
创建运行目录 `.research/<name>/`,并把**所有**产物都保存到该目录下(子目录如 `prompts/`、`logs/`、`child_outputs/`、`raw/`、`cache/`、`tmp/`)。
Use this only in an appropriate workspace and delete or protect the .research directory if it contains confidential material.
Private URLs, internal topics, or sensitive research questions could be exposed to configured external providers if the user includes them in the task.
The skill discloses use of external web/MCP providers for research collection. That is purpose-aligned, but queries, URLs, or retrieved material may be sent through those integrations.
联网优先走 skills,其次 MCP ... 若必须使用 MCP,则优先 `firecrawl`,其次 `exa`
Avoid sending confidential internal material through web/MCP tools unless those providers are approved for that data.