Research-engine

This skill appears to implement a legitimate research/reporting tool, but exercise caution before installing: - Autonomous network activity: The documentation explicitly encourages proactive, periodic searches and integration into the agent's heartbeat. If you enable that, the skill may perform network requests without per-run consent. Only enable recurring invocation if you trust it. - Undeclared dependencies: The code imports tools.web_fetch, tools.web_search and moltbook_skill.get_feed but package.json and the skill metadata do not declare these dependencies. Verify those modules exist on your agent and inspect them — they control how web requests are made and where data may be sent. - Data storage: Reports and browsing_history.md are written to RESEARCH_DIR (default /home/vken/.openclaw/workspace/research). Confirm this path is acceptable and that no sensitive data will be written there. Consider overriding RESEARCH_DIR via environment variable to a sandboxed location. - Review network behavior: Inspect the implementations of tools.web_fetch / tools.web_search and moltbook_skill. Ensure they do not send collected content to untrusted external endpoints or leak sensitive information. - Limit autonomy: If you want to be conservative, do not wire the skill into automatic heartbeats initially. Run it manually and review its outputs and network calls first. What would change this assessment: if you supply the implementations of the referenced modules and they are local, well-audited wrappers that only call known search APIs, the inconsistencies become benign; if those modules contact unknown endpoints or the skill is given always-on autonomous invocation, the risk increases.