Skill flagged β suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Research Harness
v0.7.0Open prompt stack for public-market research. Show this menu after install: π Research: 1.Company Deep-dive 2.Industry Map 3.Investment Thesis π Earnings:...
β 0Β· 45Β·0 currentΒ·0 all-time
byfocusailab@joansongjr
MIT-0
Download zip
LicenseMIT-0 Β· Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description and the included skill docs align with a public-markets research harness: routing, evidence grading, preflight/postamble, and many research sub-skills. However, the SKILL.md and core files expect the agent to read and write a number of workspace files and directories (e.g., .task-pulse, .checkpoint/, coverage/, biases.md, active-tasks.md, output archive paths). The registry metadata declares no required config paths or env vars β that's an inconsistency worth noting (the skill clearly expects file-system workspace access even though 'required config paths' is empty).
Instruction Scope
The runtime instructions mandate behaviors beyond simple prompt templates: show a full menu automatically on many triggers, run a multi-step preamble/postamble that reads/writes .task-pulse, checkpoint files, archive outputs into coverage directories, and optionally call external adapters (iFind, cn-web-search, WebFetch) if available. This is broad file I/O (read+write) of workspace state and automatic routing based on trigger words. If your agent environment allows filesystem access, the skill will read and create persistent files across sessions and will attempt to invoke optional data connectors. The SKILL.md also instructs the user/agent to copy an INSTALL-PROMPT into the host system prompt file to force behavior β that effectively modifies persistent agent behavior and should be reviewed before applying.
Install Mechanism
There is no code install spec (instruction-only), so no remote binaries are downloaded β that lowers code-execution risk. However the manifest references a critical user_install_prompt (INSTALL-PROMPT.md) that the author expects the user to paste into a global system prompt file to 'force' harness rules. That is an installation-time, manual change to your agent environment and can be persistent; treat it like a configuration change and review carefully before applying.
Credentials
The skill declares no required env vars or credentials, which is coherent for an instruction-only prompt stack. In practice it documents optional adapter integrations (iFind MCP, cn-web-search, WebFetch) β these external connectors would need credentials/accounts if you choose to enable them. The skill does not require these, but if you wire them up you will be granting it access to those data sources.
Persistence & Privilege
The harness is explicitly designed to persist state: .task-pulse (a heartbeat pointer), .checkpoint files, coverage/ archive outputs, and updates to active-tasks.md. It also encourages placement of a persistent INSTALL-PROMPT into the host system prompt. While not 'always:true', these persistent behaviors give the skill ongoing presence in the workspace and the ability to read historical outputs and local files repeatedly. That is legitimate for a research workflow but raises privacy/attack-surface concerns if sensitive files exist in the workspace or if the INSTALL-PROMPT is applied without review.
What to consider before installing
Summary of what to check before installing:
- Understand the workspace I/O: This skill expects the agent to read and write files like .task-pulse, .checkpoint/, coverage/, active-tasks.md, biases.md, and to archive outputs. If your workspace contains sensitive files, the harness could read them β run it in a dedicated / disposable workspace first.
- Review INSTALL-PROMPT.md before copy-pasting: The manifest includes a 'critical' install prompt that the author expects you to paste into your agent's system prompt to force behavior. That is a persistent change to your agent configuration; inspect it and only apply it if you trust the author and understand the effects.
- Optional connectors need credentials: iFind MCP and other adapters are optional but require external credentials if enabled. Only provide those to trusted code and verify what the skill will do with those sources.
- Test with limited permissions: If possible, enable the skill in a restricted environment (no network credentials, separate workspace) to observe what files it creates and how it autotrigger behaves.
- Audit created files: After first use, inspect .task-pulse, .checkpoint, and coverage/ outputs to confirm they contain only expected research artifacts and no leakage of other local data.
- Disable/modify auto-trigger behavior if undesired: The harness defines many trigger rules that cause the menu and routing to display automatically on common phrases. If you find that intrusive, do not apply the INSTALL-PROMPT and avoid wiring it into your global system prompt β instead invoke the skill manually.
What would change this assessment: evidence that the skill's INSTALL-PROMPT is benign and only contains non-persistent helper text, or explicit metadata declaring the config paths and a clear permission model for file I/O; conversely, discovery of hidden remote-download/install steps or commands that access system-level paths would raise the risk to 'malicious'.Like a lobster shell, security has layers β review code before you run it.
latestvk974xgbyhqkrcc5ah3h0r47wwd84tjst
License
MIT-0
Free to use, modify, and redistribute. No attribution required.