Research

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a coherent market-research helper, but it explicitly tells the agent to avoid Reddit CAPTCHA checks and can search private knowledge, session, and code context without clear user-scoping rules.

Use this skill only if you are comfortable with it performing web research and writing a local research.md. Before enabling it, consider disabling or revising the Reddit CAPTCHA-avoidance instructions and requiring explicit approval before it searches private knowledge bases, prior sessions, or project source code. Confirm domain-name candidates before external lookup.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may access Reddit in a way that avoids bot/human-verification controls, which can violate site rules, trigger blocks, or create compliance risk for the user.

Why it was flagged

The skill explicitly recommends browser automation and old.reddit.com because it avoids Reddit's CAPTCHA/human-verification flow.

Skill content

MCP Playwright (old.reddit.com)     ← BEST: bypasses CAPTCHA, full post + comments
... `www.reddit.com` shows CAPTCHA ("Prove your humanity"), always use `old.reddit.com`

Recommendation

Remove the CAPTCHA-bypass framing. Prefer official APIs, normal WebSearch/WebFetch snippets, or user-approved access; if a site blocks automation, stop and ask the user rather than routing around it.

What this means

Private notes, past conversations, or source-code details could influence or appear in the generated research.md even when the user expected only public market research.

Why it was flagged

The skill can pull from persistent knowledge bases, prior sessions, and source-code search, but the visible instructions do not clearly bound which projects, files, sessions, secrets, or prior context may be used.

Skill content

If MCP tools are available, prefer them over CLI:
- `kb_search(query, n_results)` — search knowledge base for related docs
- `session_search(query, project)` — find how similar research was done before
... `project_code_search(query, project)` — semantic search over project source code

Recommendation

Require user approval before searching KB/session/code sources, restrict searches to the current project, exclude secrets and unrelated history, and clearly cite any private context used.

What this means

Candidate product or domain names may be sent to public registry/DNS/RDAP services, making early naming ideas observable to third parties.

Why it was flagged

The domain-check reference uses local shell commands and network lookups for whois, DNS, and RDAP. This is purpose-aligned for domain availability checks, but it is still runtime command execution and external querying.

Skill content

whois "$domain" ... dig +short "$domain" ... curl -sL ... "https://rdap.org/domain/${name}.${ext}"

Recommendation

Confirm the domain candidates before running bulk checks, and disclose that name ideas will be queried against external registry and DNS services.