Deep Research Agent

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a transparent, instruction-only research workflow. The main things to notice are web research, optional subagent delegation, and named report files.

This skill appears safe to install as an instruction-only research helper. Before use, decide whether web searches and subagent delegation are acceptable for your topic, verify citations for important decisions, and choose a trusted installation method rather than blindly running global npm/all-target setup commands.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user chooses this install method, they are trusting an external npm CLI and may add the skill to multiple agent environments.

Why it was flagged

The README gives a user-directed setup path that installs a global npm CLI and can install the skill across all supported agent tools. This is disclosed setup guidance, not automatic execution, but users should trust the installer before using it.

Skill content

npm install -g @jahonn/agentskills-cli
agentskills install ./research-agent-skill -t all

Recommendation

Use a trusted install path, verify the CLI/package source if using npm, and avoid the all-target option if you only want the skill in one agent.

What this means

Reports may be affected by outdated, biased, or manipulative public sources if the citations are not checked.

Why it was flagged

The research process intentionally incorporates external and community sources into summaries and recommendations. The methodology includes credibility, recency, and bias checks, which keeps this purpose-aligned, but retrieved content can still influence conclusions.

Skill content

Search for: Official docs / primary sources ... Community discussions (Reddit, HN, Discord — real user opinions) ... Technical analysis ... GitHub metrics ... Commercial context

Recommendation

For important decisions, ask for citations, review the source quality, and verify key claims independently.

What this means

Sensitive research topics or private context could be passed into the delegated research workflow.

Why it was flagged

The skill explicitly delegates deep-dive research to another model/subagent. This is disclosed and aligned with the research purpose, but it may share the user's research question and relevant context with that delegated agent/model.

Skill content

Spawn subagent (Sonnet) with the Deep Dive prompt.

Recommendation

Avoid including confidential information unless that model/provider is acceptable, or ask the agent not to spawn a subagent for sensitive topics.