ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deep Research Agent

v1.0.0

Deep multi-source research agent. Use when: (1) user asks to research a topic, question, or claim, (2) user needs a literature review, competitive analysis,...

0· 41·0 current·0 all-time
bySharoon Sharif@sharoonsharif
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (deep multi-source research) match the included SKILL.md and the research.py helper. The script's purpose (indexing reports under ~/research) is coherent with producing and managing research reports. No unexpected cloud credentials, unrelated binaries, or unrelated services are required.
Instruction Scope
SKILL.md prescribes broad web discovery (web_search, web_fetch, x_search), deep extraction, iterative queries, and use of local shell helpers (bash with summarize/oracle). That scope is consistent with a research workflow, but it authorizes: (a) fetching many external URLs, and (b) running shell summarization commands. Those actions can retrieve and process large amounts of external content and could store it locally (the included script expects report .md files). Users should be aware this may capture sensitive or private information if the research target includes such material.
Install Mechanism
Instruction-only skill (no install spec). The included Python script is bundled with the skill and does not download additional code or execute remote installers. No archive downloads, package installs, or external install URLs are present.
Credentials
The skill requests no environment variables or external credentials (proportionate). The script writes to and reads from ~/research/index.json and report .md files, which is reasonable for a report manager but does create persistent files in the user's home directory—consider privacy implications for saved fetched content.
Persistence & Privilege
always:false (no forced global activation). The only persistence is the script's own index and report files under the user's home directory. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent for research tasks, but review these points before installing: - The skill will create and manage files under ~/research (index.json and .md reports). If you run research on sensitive topics those files could contain fetched content—inspect or sandbox the directory and back up/remove sensitive reports. - SKILL.md instructs the agent to run shell summarization helpers (bash with 'summarize' / 'oracle'). Confirm what the agent's 'bash' and helper tools are allowed to do in your environment — shell access can run arbitrary commands. - The skill uses web_fetch/x_search to pull external content. Ensure your agent's network access and fetch implementation are configured according to your security/privacy policies (e.g., proxy, logging, allowed domains). - Author metadata is minimal (no homepage); if provenance matters, ask the publisher for more information or review the full skill bundle yourself. If you plan to use it in a sensitive environment, run it in a restricted sandbox and inspect saved .md files regularly.

Like a lobster shell, security has layers — review code before you run it.

agentvk97agzynbfe5a60wsb1hq1t0d18402rxanalysisvk97agzynbfe5a60wsb1hq1t0d18402rxlatestvk97agzynbfe5a60wsb1hq1t0d18402rxresearchvk97agzynbfe5a60wsb1hq1t0d18402rxweb-searchvk97agzynbfe5a60wsb1hq1t0d18402rx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis

Comments