ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deep Research for OpenClaw

v0.1.1

Install and wire a structured OpenClaw deep-research sub-agent with hybrid search, artifact-based runs, claim verification, report linting, and validated fin...

0· 268·1 current·2 all-time
byLamdaProject@milleniumgenai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe installing a deep-research OpenClaw sub-agent. The declared requirements (openclaw, python, openclaw.json, a configured deep-researcher agent, optional Tavily API key) are coherent and expected for this purpose; there are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md instructions are focused: clone the public GitHub repository, copy the workspace-researcher files into your OpenClaw base, update openclaw.json, and run py_compile + a small init script and the openclaw agent CLI for a smoke test. The only noteworthy scope expansion is that you must write into and modify your OpenClaw config and execute scripts from the cloned repo — this is expected for installing a sub-agent but is something to inspect beforehand.
Install Mechanism
There is no packaged install spec; the workflow instructs cloning the repository from GitHub and copying files into your OpenClaw directory. Using a public GitHub repo is common and reasonable, but downloading and placing third-party scripts into your agent runtime can introduce remote code execution risk if you don't review the code first.
Credentials
No required environment variables or credentials are declared. The SKILL.md notes an optional TAVILY_API_KEY only if you choose the Tavily-backed path — this is proportional and clearly documented as optional.
Persistence & Privilege
The skill requires editing/adding the deep-researcher agent entry in openclaw.json and copying files into the OpenClaw installation, which creates persistent presence in your OpenClaw runtime. The skill does not set always: true and does not request platform-wide elevated privileges, but you should be aware it makes persistent changes to your agent configuration.
Assessment
This skill is internally consistent with its stated purpose, but treat it like any third-party code you install: 1) Inspect the GitHub repository before cloning (look at the scripts in openclaw/workspace-researcher/scripts and SOUL.md). 2) Back up openclaw.json and any OpenClaw directories you will modify. 3) Run the provided py_compile and review init_research_run.py output; consider running the init script in a sandboxed environment or VM first. 4) Only provide a Tavily API key if you intend to use that feature, and store it securely (e.g., in a vault or .env you control). 5) Verify the repository origin and maintainer reputation if this will run in production. Following these steps reduces risk from executing unreviewed code placed into your agent runtime.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cdpj218mqcxxa0qt9gpff8982maah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsopenclaw, python
Configopenclaw.json, deep-researcher agent configured in OpenClaw, Tavily API key configured if Tavily-backed scouting is desired

Comments