ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

deepresearch conversation

Deep ReSearch Conversation is provided by Baidu for multi-round streaming conversations with "Deep Research" agents. "In-depth research" is a long-process task involving multi-step reasoning and execution, which is different from the ordinary "question-and-answer". A dialogue that requires the user to repeatedly verify and correct it until a satisfactory answer is reached.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 6.2k · 26 current installs · 30 all-time installs
by@ide-rea
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, required binaries (python3, curl), and required env var (BAIDU_API_KEY) align with a Baidu Deep Research client. However, the code accesses ~/.openclaw/openclaw.json to obtain the API key if the environment variable is missing, while the skill metadata lists no required config paths. This is a mismatch between declared requirements and actual behavior.
Instruction Scope
SKILL.md instructs the agent to call Baidu endpoints for conversation creation, file upload, parsing, and to run the included Python script to consume SSE streams. The instructions do not direct the agent to read unrelated system files or exfiltrate data beyond the Baidu API endpoints. The only extra scope is the documented/implicit automatic loading of the API key from the OpenClaw config, which the Python script implements.
Install Mechanism
There is no install spec (instruction-only with an included script), so nothing is downloaded or written by an installer. The included Python script depends on the 'requests' package but no installer is provided; this is an operational omission rather than a security red flag.
!
Credentials
The skill requests a single credential (BAIDU_API_KEY), which is proportional to its purpose. However, the Python script also attempts to read the OpenClaw config file in the user's home directory to obtain the same key if the env var is missing. The manifest did not declare this config-file access; reading a user config file that may contain other credentials is an extra (undeclared) access to sensitive data.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. It only reads a config file for a credential and makes outbound requests to Baidu endpoints; no permanent presence or elevated privilege behavior was observed.
What to consider before installing
This skill appears to implement the described Baidu DeepResearch workflow and only needs your BAIDU_API_KEY. Two things to check before installing: (1) The included Python script will try to read ~/.openclaw/openclaw.json if BAIDU_API_KEY is not in the environment — verify that file's contents and remove any unrelated secrets or avoid relying on it by setting BAIDU_API_KEY in the environment. (2) The script imports the 'requests' library but the package install is not specified; ensure your environment provides requests from a trusted source. If you are uncomfortable with the skill reading your OpenClaw config, either set BAIDU_API_KEY in the environment or inspect/clean the config file first. Overall this is plausible for its stated purpose but the undeclared config-file access is an inconsistency worth caution.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.2
Download zip
latestvk97c6z4msghh4vdexbwenj6bzn813504

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📌 Clawdis
Binspython3, curl
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

SKILL.md

Deep Research Conversation

This skill allows OpenClaw agents to conduct in-depth research discussions with users on a given topic. The API Key is automatically loaded from the OpenClaw config — no manual setup is needed.

API Table

namepathdescription
DeepresearchConversation/v2/agent/deepresearch/runMulti-round streaming deep research conversation (via Python script)
ConversationCreate/v2/agent/deepresearch/createCreate a new conversation session, returns conversation_id
FileUpload/v2/agent/file/uploadUpload a file for the conversation
FileParseSubmit/v2/agent/file/parse/submitSubmit an uploaded file for parsing
FileParseQuery/v2/agent/file/parse/queryQuery the status of a file parsing task

Workflow

Path A: Topic discussion without files

  1. Call DeepresearchConversation directly with the user's query. A new conversation is created automatically.

Path B: Topic discussion with files

  1. Call ConversationCreate to get a conversation_id.
  2. Call FileUpload with the conversation_id to upload files.
  3. Call FileParseSubmit with the returned file_id.
  4. Poll FileParseQuery every few seconds until parsing succeeds.
  5. Call DeepresearchConversation with the query, conversation_id, and file_ids.

Multi-round conversation rules

  • The DeepresearchConversation API is a SSE streaming interface that returns data incrementally.
  • After the first call, you must pass conversation_id in all subsequent calls.
  • If the response contains an interrupt_id (for "demand clarification" or "outline confirmation"), the next call must include that interrupt_id.
  • If the response contains a structured_outline, present it to the user for confirmation/modification, then pass the final outline in the next call.
  • Keep calling DeepresearchConversation iteratively until the user is satisfied with the result.

APIS

ConversationCreate API

Parameters

no parameters

Execute shell

curl -X POST "https://qianfan.baidubce.com/v2/agent/deepresearch/create" \
  -H "X-Appbuilder-From: openclaw" \
  -H "Authorization: Bearer $BAIDU_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'

FileUpload API

Parameters

  • agent_code: Fixed value "deepresearch" (required)
  • conversation_id: From ConversationCreate response (required)
  • file: Local file binary (mutually exclusive with file_url). Max 10 files. Supported formats:
    • Text: .doc, .docx, .txt, .pdf, .ppt, .pptx (txt ≤ 10MB, pdf ≤ 100MB/3000 pages, doc/docx ≤ 100MB/2500 pages, ppt/pptx ≤ 400 pages)
    • Table: .xlsx, .xls (≤ 100MB, single Sheet only)
    • Image: .png, .jpg, .jpeg, .bmp (≤ 10MB each)
    • Audio: .wav, .pcm (≤ 10MB)
  • file_url: Public URL of the file (mutually exclusive with file)

Local file upload

curl -X POST "https://qianfan.baidubce.com/v2/agent/file/upload" \
  -H "Authorization: Bearer $BAIDU_API_KEY" \
  -H "Content-Type: multipart/form-data" \
  -H "X-Appbuilder-From: openclaw" \
  -F "agent_code=deepresearch" \
  -F "conversation_id=$conversation_id" \
  -F "file=@local_file_path"

File URL upload

curl -X POST "https://qianfan.baidubce.com/v2/agent/file/upload" \
  -H "Authorization: Bearer $BAIDU_API_KEY" \
  -H "Content-Type: multipart/form-data" \
  -H "X-Appbuilder-From: openclaw" \
  -F "agent_code=deepresearch" \
  -F "conversation_id=$conversation_id" \
  -F "file_url=$file_url"

FileParseSubmit API

Parameters

  • file_id: From FileUpload response (required)

Execute shell

curl -X POST "https://qianfan.baidubce.com/v2/agent/file/parse/submit" \
  -H "Authorization: Bearer $BAIDU_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Appbuilder-From: openclaw" \
  -d '{"file_id": "$file_id"}'

FileParseQuery API

Parameters

  • task_id: From FileParseSubmit response (required)

Execute shell

curl -X GET "https://qianfan.baidubce.com/v2/agent/file/parse/query?task_id=$task_id" \
  -H "Authorization: Bearer $BAIDU_API_KEY" \
  -H "X-Appbuilder-From: openclaw"

DeepresearchConversation API

Parameters

  • query: The user's question or research topic (required)
  • conversation_id: Optional on first call (auto-generated). Required on subsequent calls.
  • file_ids: List of parsed file IDs (optional, only when discussing files)
  • interrupt_id: Required when responding to "demand clarification" or "outline confirmation" from previous round. Found in content.text.data of the previous SSE response.
  • structured_outline: The research report outline. Required on subsequent calls if the previous round generated one. Structure:
{
    "title": "string",
    "locale": "string",
    "description": "string",
    "sub_chapters": [
        {
            "title": "string",
            "locale": "string",
            "description": "string",
            "sub_chapters": []
        }
    ]
}
  • version: "Lite" (faster, within 10 min) or "Standard" (deeper, slower). Default: "Standard".

Execute shell

python3 scripts/deepresearch_conversation.py '{"query": "your question here", "version": "Standard"}'

Example with all parameters

python3 scripts/deepresearch_conversation.py '{"query": "the question", "file_ids": ["file_id_1"], "interrupt_id": "interrupt_id", "conversation_id": "conversation_id", "structured_outline": {"title": "Report Title", "locale": "zh", "description": "desc", "sub_chapters": [{"title": "Chapter 1", "locale": "zh", "description": "chapter desc", "sub_chapters": []}]}, "version": "Standard"}'

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…