Deep Researcher
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a purpose-aligned academic research helper, with cautions around external web searches, optional credentialed sources, local caching, provenance, and overconfident QA language.
Install only if you are comfortable with the agent performing external web searches for your research topics. Treat the output as a draft, verify all citations and factual claims yourself, avoid sharing sensitive credentials unless the access scope is explicit, and clear any local research caches or QA reports for sensitive projects.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could be trusted or routed like an official replacement if the platform honors these fields.
The skill presents itself as native and replacement-capable. Since the registry source is listed as unknown, users should verify provenance before treating it as an official built-in replacement.
metadata: builtin_skill_version: "1.1" openclaw_native: true replaces: knowledge-digest
Verify the publisher/source before relying on the native or replacement claim, especially if it would override an existing research or knowledge skill.
Research topics, keywords, and visited source URLs may be exposed to search/web providers.
The skill directs the agent to run multiple external searches and extract website content. This is central to the research purpose, but it is still an external data-flow and tool-use behavior.
Query multiple source categories using OpenClaw's native tools... `batch_web_search` ... `extract_content_from_websites` ... `batch_web_search` (up to 10 concurrent queries)
Avoid putting confidential or sensitive research topics into searches unless you are comfortable with external providers seeing those queries.
If the user provides institutional, subscription, or API credentials for research sources, the scope of that access is not clearly defined in the artifacts.
The declared credential contract says no credentials are required, but the capability signal indicates possible sensitive-credential use. The files do not show credential collection, so this is an ambiguity rather than evidence of misuse.
Required env vars: none; Primary credential: none; Capability signals: requires-sensitive-credentials
Use public sources by default, and only provide credentials when the exact account, purpose, and access limits are clear.
Local caches may retain research topics and source lists, which could reveal interests or be reused later if not cleared.
The skill recommends local caching of source metadata. That is purpose-aligned for research, but the artifacts do not define cache path, retention, or clearing behavior.
- **Cache results**: Store source metadata locally to avoid repeat API calls
Clear any generated caches or reports after sensitive research projects and review cached source metadata before reuse.
Users may rely on generated papers as fully verified when citations, facts, and source interpretations still require human review.
The QA language is very strong and could lead users to over-trust generated academic output. The artifacts provide checklists and a helper script, but no mechanism can guarantee zero hallucinations.
## SECTION 1: ACCURACY (0% Hallucination Tolerance) - [ ] Every factual claim has ≥1 source citation
Independently verify key claims, citations, DOIs, and quotations before submitting, publishing, or using the generated paper for decisions.