Research Assistant
PassAudited by ClawScan on May 1, 2026.
Overview
This local research-note skill is coherent and benign, but it persistently stores notes and can write user-directed markdown exports to allowed local directories.
This appears safe for organizing local research notes. Before installing, understand that notes are retained in a local JSON database and can later be searched or exported; do not store passwords, tokens, private keys, or instructions you would not want reused in future sessions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Research notes may persist across sessions and could be surfaced in future searches or exports, so sensitive information or untrusted instructions stored as notes could affect later work.
The skill intentionally keeps a persistent, searchable note database across sessions, which is central to its purpose but means stored content may be reused later.
All research is stored in: `~/.openclaw/workspace/research_db.json`
Avoid storing secrets, credentials, or untrusted operational instructions as research notes unless you are comfortable with them being retained and retrieved later.
A mistaken or agent-chosen export path could create or overwrite a local markdown file in allowed directories, although this behavior is disclosed and purpose-aligned.
The export command writes markdown to a user-supplied path if it is under the workspace, home directory, or /tmp, with some blocked system and dotfile paths.
return (in_workspace or in_tmp or in_home) and not blocked ... output_path.write_text(md)
Prefer exporting to a clearly named new file under the OpenClaw workspace, and review the destination path before allowing an export.