Tech Solution Research
v0.3.0技术方案调研/框架选型/技术对比/最终报告生成 — multi-source evidence orchestration for technical decision-making
⭐ 0· 85·0 current·0 all-time
by_silhouette@lanyasheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (technical solution research) match the SKILL.md: it defines multi-source evidence lanes, scoring, runtime tests and a report template. The listed source lanes (official docs, GitHub, platform-native, community, runtime tests, internal-assets, ClawHub) are appropriate for technical evaluation. Nothing requested is out-of-scope for a technical research skill.
Instruction Scope
The instructions strictly prescribe data collection, evidence schema, test/score/templating and 'must use' platform-native skills (feedgrab, xiaohongshu, gh/gh CLI, agent-browser, moltbook-global, ClawHub registry, etc.). That is coherent with the goal, but the skill assumes the agent will call other skills or run runtime tests — which may invoke network calls, CLIs, or execute test scripts. The SKILL.md does not instruct reading unrelated host files or environment variables, but it does include an 'internal-assets' lane that implies access to internal docs/code if available — confirm that such access is intentional and permissioned.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes supply-chain risk: nothing will be downloaded or written by the skill itself.
Credentials
The skill declares no required env vars or credentials, but its runtime rules assume availability of platform-native connectors and CLIs (GitHub/gh, feedgrab, agent-browser, xiaohongshu, moltbook, ClawHub). Those connectors typically need credentials or elevated access. It's normal for a research skill to use such tools, but the skill does not declare or constrain them — verify what credentials the agent already has and whether exposing them to these evidence-collection steps is acceptable.
Persistence & Privilege
always:false and no install lifecycle actions. The skill does not request permanent inclusion or write to other skills' configs. Autonomous invocation is allowed by default (platform normal) but not combined with other red flags here.
Assessment
This skill is coherent and appears to do what it says: orchestrate multi-source technical research and generate a structured report. Before installing or invoking it, check the following: 1) Confirm which platform-native connectors/CLIs (GitHub/gh, feedgrab, xiaohongshu, agent-browser, moltbook, ClawHub, etc.) your agent has access to and whether those connectors require credentials you consider sensitive. 2) If you expect the skill to use internal documents (internal-assets lane), ensure those accesses are intentional and governed by your access controls. 3) Runtime tests imply executing scripts or commands — review how test artifacts, logs, and credentials will be stored or transmitted. 4) Because the SKILL.md enforces specific 'must use' data sources, verify each referenced skill/connector is trusted; otherwise the agent may fall back to alternative sources and must record that downgrade. If any of the above is unacceptable, restrict or audit the agent's connector permissions before using this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk976sww1napjdffggfchd9q3rd83tfdt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.