Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
深度调研 (Deep Research)
v1.1.0 Chinese deep-research tool. Forked from academic-deep-research and optimized for Chinese-language use: automatic generation of Chinese PDFs (embedded styles, fault-tolerant fallback), Tavily search integration, and automatic delivery to Feishu. Suited to competitor analysis, industry research, policy research, and other work that demands a rigorous methodology. Uses native OpenClaw tools (web_search, web_...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
The skill claims no required environment variables or external dependencies, yet its runtime mandates automatic delivery to Feishu (message(..., channel="feishu" ...)) and includes a md2pdf script that calls system binaries (pandoc, weasyprint, wkhtmltopdf). The README also claims 'No external dependencies' while SKILL.md requires web_search/web_fetch (network) and an external delivery channel. These mismatches mean the declared requirements do not align with what the skill actually needs to function.
Instruction Scope
SKILL.md forcefully requires automatic post-research actions: write report to ~/openclaw/workspace/research/..., run scripts/md2pdf.sh, then send the PDF via message(..., channel="feishu", target="<user_id>"). It explicitly says 'No User Permission Needed' and forbids asking the user before sending. That directs the agent to read/write local files and transmit content to an external channel without an explicit user confirmation step, which is scope creep from a research-only assistant and could leak sensitive data.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. However, the included scripts/md2pdf.sh depends on system tools (pandoc, weasyprint, wkhtmltopdf) that are not declared in metadata; the script will fail or behave differently depending on host binaries. No remote downloads or obfuscated code are present in the files provided.
Credentials
The skill declares no required env vars or primary credential, yet instructs sending a PDF via Feishu with a target placeholder. It doesn't declare how Feishu credentials or target user IDs are supplied, nor does it request explicit user approval to transmit reports. Requesting write access to ~/openclaw/workspace is reasonable for saves, but automatic outbound delivery without declared credentials or explicit consent is disproportionate.
Persistence & Privilege
always:false (good) and the skill does not request persistent platform-level privileges. Still, it instructs saving files in the user's workspace and requires agents/sub-agents to auto-send outputs; that grants it practical ongoing capability to create and exfiltrate data on each invocation if the platform message tool is available. This is not an explicit platform privilege but increases blast radius when combined with the auto-send requirement.
What to consider before installing
Before installing or enabling this skill, consider the following:
- The skill requires automatic saving and sending of research PDFs to Feishu without asking the user at the end. Confirm whether you are comfortable with automatic outbound delivery of potentially sensitive content and whether your platform's message tool already has Feishu access.
- The included md2pdf.sh expects pandoc and either weasyprint or wkhtmltopdf; these binaries are not declared. Ensure the host has them installed or the script will fail (or the agent may fall back to sending the raw markdown).
- Ask the publisher to remove or modify the 'No User Permission Needed' delivery step: require explicit user consent before sending, and make the Feishu target/user id and delivery channel configurable and documented.
- Verify where the Feishu credentials come from (platform-managed vs. skill-managed). If the platform provides message(...) with Feishu access, decide whether you want this skill to be able to use that channel autonomously.
- If you need confidentiality, test the skill in a sandbox/isolated environment first and inspect generated reports before allowing automatic delivery.
- Ideally request updated metadata: list required binaries (pandoc, weasyprint/wkhtmltopdf), declare any required env vars or tokens for Feishu delivery, and change the SKILL.md to ask for final user approval before sending.
Given these inconsistencies and the mandatory auto-send behavior, treat the skill as suspicious until the above questions are answered or the delivery behavior is made explicit and opt-in.
latest · vk97cj179n5gt4gpc59q39qqbyh832rmw
Runtime requirements: 🔬 Clawdis