ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Omni Research

v1.0.0

Multi-source deep research using your own browser. Queries Perplexity, Grok, and Gemini in parallel via CDP — zero API keys, uses your existing subscriptions.

0· 326·1 current·1 all-time
by@lmanchu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to perform multi-source research via the user's browser and the code shows exactly that (CDP control, opening tabs, evaluating JS). Requiring python3 and websockets/httpx is proportional. However the README's 'zero API keys' claim doesn't match the code paths that use a 'cliproxy' API and a 'cliproxy_key' in the default config (research.py sets a non-empty default key), which is an unexplained inconsistency.
!
Instruction Scope
Runtime instructions and code connect to the user's browser via CDP and execute arbitrary Runtime.evaluate commands in pages (reads DOM, opens/close tabs, types input). That capability is necessary for the stated purpose but is high-privilege because it can access any content in the browser. The skill also reads/writes a user config at ~/.config/omni-research/config.json (which can hold URLs/keys). The SKILL.md doesn't fully surface the cliproxy/api fallback or the hardcoded key, so the agent could send scraped content to the configured proxy if that endpoint is set to an external host.
Install Mechanism
No install spec is provided (instruction/code-runner model), which keeps install risk low, but the package includes Python scripts that will be executed locally. Dependencies are standard (httpx, websockets). Because there is no explicit vetted package/URL, users will run code directly from this repo — they should inspect it before executing.
!
Credentials
The registry lists no required env vars or credentials, but the code uses a configurable 'cliproxy_url' and 'cliproxy_key' stored in ~/.config/omni-research/config.json. research.py defines a non-empty default 'cliproxy_key' ('magi-proxy-key-2026') while setup.py writes an empty default — an incoherence that could cause unintended use of a key or proxy. The skill can be configured to call arbitrary endpoints, which would allow exfiltration of scraped content if misconfigured.
Persistence & Privilege
The skill does not request 'always: true' or other persistent platform privileges and does not attempt to modify other skills. However, the runtime requires the browser to be started with remote debugging enabled, which grants the local process (this skill) powerful control over the browser and any logged-in sessions — a legitimate need for the feature but a significant privilege that users must accept consciously.
What to consider before installing
Before installing or running this skill: 1) Review the code (research.py and browser.py) yourself — the scripts will control your browser via the Chrome DevTools Protocol and can read any page content. 2) Inspect ~/.config/omni-research/config.json after running setup; remove or set cliproxy_url only to a localhost service you control and replace any non-empty cliproxy_key with an empty string unless you intentionally run a local proxy. 3) Note the inconsistency: research.py sets a default cliproxy_key ('magi-proxy-key-2026') while setup.py uses an empty key — verify which value is in your config before use. 4) Run with a disposable browser profile or a browser instance started specifically for this tool (and ensure --remote-debugging-port is bound to localhost only); do NOT enable remote debugging on machines reachable by others. 5) If you do not want any external network calls, avoid using API-only mode (gemini-api) and ensure cliproxy_url is local. 6) If you are not comfortable granting full CDP control to third-party code, do not run it. If you decide to proceed, prefer running the code only after manual review and with conservative local configuration.

Like a lobster shell, security has layers — review code before you run it.

browservk9745n6d7r95f0hs3s5pxqezr181xvqgcdpvk9745n6d7r95f0hs3s5pxqezr181xvqglatestvk9745n6d7r95f0hs3s5pxqezr181xvqgresearchvk9745n6d7r95f0hs3s5pxqezr181xvqg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis
Binspython3

SKILL.md

omni-research

Research any topic by querying multiple AI services through your own browser. No API keys — uses your existing Perplexity Pro, X Premium, Gemini Advanced subscriptions.

How It Works

  1. Connects to your running browser via CDP (Chrome DevTools Protocol)
  2. Opens parallel tabs to Perplexity, Grok, and Gemini (you're already logged in)
  3. Submits your query, waits for response, extracts answer from each
  4. Synthesizes all results into a unified summary

Prerequisites

  • Python 3.10+ with httpx and websockets
  • Chrome, Edge, or any Chromium browser running with CDP: 
    # Add to your browser shortcut or launch command (one-time)
--remote-debugging-port=9222
  • Logged into your AI services in the browser

Usage

# All browser sources (Perplexity + Grok + Gemini)
python3 research.py "AIPC market trends 2026"

# Specific sources
python3 research.py --sources perplexity,grok "topic"

# API-only mode (no browser needed)
python3 research.py --sources gemini-api "quick question"

# JSON output
python3 research.py --json "query"

Available Sources

SourceTypeRequires
perplexityBrowserPerplexity Pro login
grokBrowserX Premium / Grok login
geminiBrowserGoogle account login
gemini-apiAPIOpenAI-compatible endpoint

Configuration

Optional ~/.config/omni-research/config.json:

{
  "cdp_port": 9222,
  "cliproxy_url": "http://127.0.0.1:8317/v1",
  "cliproxy_key": "your-key",
  "synthesis_model": "glm-4.7",
  "gemini_api_model": "gemini-2.5-flash"
}

Architecture

User's Browser (Chrome/Edge/Comet/Arc, CDP :9222)
  ├── Tab: perplexity.ai     → user's Pro session
  ├── Tab: grok.com           → user's Premium session
  └── Tab: gemini.google.com  → user's Google session
        ↓ WebSocket (CDP Input.insertText + dispatchKeyEvent)
  BrowserBridge (browser.py — httpx + websockets)
        ↓  ← IrisGo runtime replaces this layer
  omni-research skill (parallel query + extract + synthesize)
        ↓
  Markdown output with per-source sections + synthesis

For IrisGo

The BrowserBridge in browser.py is an abstract interface. Current implementation uses direct CDP via WebSocket. IrisGo runtime provides native browser APIs — just swap the bridge layer.

# skill.json requirement
{ "requirements": { "tools": ["browser"] } }

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…