deep-research

v1.0.2

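Uses the Gemini Deep Research Agent to carry out autonomous deep research and generate detailed research reports with citations. Use it when the user needs an in-depth investigation of a topic, a research report, or multiple rounds of search and analysis. Trigger phrases: 深度研究 (deep research), deep research, 帮我调研 (help me research), 研究一下 (look into this), 写研究报告 (write a research report), deep dive, 详细分析 (detailed analysis).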

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description claim a Gemini deep-research agent and the skill requires a GEMINI_API_KEY and the @google/genai SDK (or an explicit SDK path). Those requirements match the stated purpose.
Instruction Scope
SKILL.md instructs running the included deep-research.mjs with GEMINI_API_KEY in the environment, and explicitly disallows reading local config files. It also warns not to display the API key. Note: the script intentionally prints intermediate 'thinking summaries' to stderr (agent internal summaries), which may reveal chain-of-thought details; this is expected for debugging/progress but may leak internal reasoning if you present stderr output directly to end users.
Install Mechanism
There is no install spec; the script dynamically imports '@google/genai' or a user-provided SDK path. This is low-risk but means the runtime must have the npm package installed from the registry (or a trusted local build). Verify the package source before installing.
Credentials
The only required credential is GEMINI_API_KEY (and an optional GOOGLE_GENAI_SDK_PATH). No unrelated secrets, config paths, or extra credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent system privileges, nor does it modify other skills' configs. It runs as an invoked script only.
Assessment
This skill appears to do what it says: run a Gemini deep-research agent using your GEMINI_API_KEY and the @google/genai SDK. Before installing/using: (1) confirm you install @google/genai from the official npm package or provide a vetted local SDK path, (2) treat GEMINI_API_KEY as sensitive—use a scoped/limited key if possible and rotate it after use, (3) be aware stderr includes intermediate agent 'thoughts' (may reveal internal chain-of-thought), so avoid exposing stderr content to end users without review, and (4) run the script in an isolated environment if you have any doubts about provenance. If you want higher assurance, review the included deep-research.mjs source (already inspected here) and verify the npm package contents match upstream releases.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97ac2v4p013rvfvc26fagwg2d82k4tk


Runtime requirements

Primary env: GEMINI_API_KEY
