ClawHub

Deep Research

v0.1.0

This skill should be used when the user requests comprehensive research, deep investigation, or detailed academic-style reports on any topic. Trigger phrases...

0· 354·2 current·2 all-time
by@kongyo2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and included files (report template, citation and methodology guides) align with a comprehensive research/reporting skill. There are no unrelated environment variables, binaries, or install steps requested that would be out of scope for a research assistant.
Instruction Scope
SKILL.md directs systematic, multi-stage web searching and explicitly requires fetching full pages via WebFetch (not relying on snippets), accessing multiple URLs, multi-lingual searches, and capturing full citation metadata. This is appropriate for a thorough research workflow, but it gives the agent broad authority to fetch arbitrary URLs (no whitelist or domain restrictions) which may enable server-side request forgery (SSRF) or retrieval of private/internal resources depending on how the platform's WebFetch tool is implemented.
Install Mechanism
Instruction-only skill with no install spec, no code files executed at install time, and no downloads. Low install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Nothing appears disproportionate. Note: the skill's explicit guidance to capture and record full URLs and metadata increases the chance that private/internal URLs or PII could appear in generated reports if such sources are used.
Persistence & Privilege
always is false and the skill does not request persistent system‑level changes or privileges. It relies on runtime web access and writing draft report files (per the template), which is normal for a content-generation skill.
Assessment
This skill is coherent for in‑depth research: it instructs the agent to fetch many web pages and produce long, fully cited reports. Before installing or invoking it, confirm how the agent's WebFetch (or web access) is restricted: unguarded fetch tools can reach internal services or other non-public endpoints (SSRF/data exposure). Avoid supplying private/internal URLs or credentials as part of prompts, and consider limiting the agent's network access to public domains only. Review generated reports and the References section for accidental inclusion of sensitive URLs or PII. If you need to use this skill on sensitive topics, request that platform administrators enforce URL whitelists, network egress controls, or logging/approval for outbound fetches.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cff0zfm1pwy59vnw97kj1fd822z6y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments