Research Idea

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only business-research helper that openly starts user-triggered background sessions and stores/returns results, with no artifact evidence of malicious behavior.

Before enabling it, be comfortable with background Clawdbot sessions, local storage under `~/clawd/ideas/`, web-based research, and Telegram delivery of the results. Use it in a private chat and clean up generated sessions/files if the idea is sensitive.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A research task can continue in the background and its session history may remain available after completion.

Why it was flagged

The skill intentionally creates a background sub-agent and keeps the session record. This is disclosed and triggered by the user, but it is autonomous/persistent behavior users should notice.

Skill content

Use `sessions_spawn` to launch a background research session ... **cleanup**: keep

Recommendation

Use the trigger intentionally, monitor spawned sessions when needed, and clean up kept sessions if you do not want the history retained.

What this means

Submitted ideas and resulting analysis may remain in local files after the task finishes.

Why it was flagged

The workflow stores the idea research persistently on disk. This is expected for the skill, but the saved content may include sensitive business ideas.

Skill content

Save results to `~/clawd/ideas/<slug>/research.md`

Recommendation

Avoid entering confidential ideas unless you are comfortable with local retention, and delete the generated idea directory if you no longer need it.

What this means

Research results may be visible to anyone with access to the current chat and retained by the chat platform.

Why it was flagged

The results are routed from the background session back through the current Telegram chat. This is intended, but it affects who can see the output.

Skill content

Send the file + summary back to this Telegram chat

Recommendation

Use a private chat for sensitive business ideas and verify the target chat before triggering the skill.

What this means

Users have limited external provenance information for the skill, even though there is no executable package to inspect.

Why it was flagged

The registry metadata does not provide external provenance. Because the skill is instruction-only with no install spec or code files, this is an informational provenance note rather than a behavior concern.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included instructions before enabling the AGENTS.md integration, especially if provenance matters for your environment.