deep-research skill
PassAudited by ClawScan on May 4, 2026.
Overview
This appears to be a structured research workflow that openly runs a local helper script, uses web research tools, and saves reports, with no artifact-backed malicious behavior found.
This skill looks purpose-aligned for deep research. Before installing, review the full orchestrator script, make sure bash and jq or python3 are available, choose where reports should be saved, and avoid confidential research topics unless you trust the search and webpage-fetch tools the agent will use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill will cause the agent to run a local bash script to manage research steps.
The skill requires the agent to execute a local shell script. This is clearly disclosed and central to the orchestration purpose, but users should know the skill is not purely prompt text.
Agent 第一步必须 `bash orchestrator.sh "主题"` 初始化会话,后续每步通过 `--complete sX --next sY` 推进
Review the full local script before use and ensure you are comfortable allowing the agent to run it.
Research topics, keywords, and fetched URLs may be sent to external search or webpage retrieval services.
The workflow delegates searching to whatever search tools are available in the agent environment. That is expected for deep research, but the exact provider/tool boundary is not specified.
使用当前环境可用的搜索工具执行网络搜索
Avoid using highly confidential topics unless you trust the available search/fetch tools, and confirm which tools the agent will use.
Research state and reports may remain in the skill directory or configured reports directory after the task is complete.
The script stores session state and reports on disk. This persistence is purpose-aligned, but it may retain business research topics and generated findings.
CHECKPOINT_DIR="${SKILL_DIR}/.research_state"
REPORTS_DIR="${DEEP_RESEARCH_REPORTS_DIR:-${SKILL_DIR}/reports}"Use `DEEP_RESEARCH_REPORTS_DIR` to choose an appropriate storage location and delete stored reports/state when no longer needed.
The skill may fail or behave differently if the needed local binaries are missing, even though the registry metadata says no binaries are required.
The metadata does not declare runtime binaries, while README.md documents dependencies on bash and jq or python3. This is a declaration gap, not hidden behavior.
Required binaries (all must exist): none
Before installing, confirm bash and either jq or python3 are available.