Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw
v1.2.0
Multi-agent collaborative industry research for OpenClaw. Dynamically assigns research roles, runs parallel research via sessions_spawn with codex/gemini/cla...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description (multi-agent research) aligns with use of sessions_spawn, exec, web_search and optional model CLIs. However, the SKILL.md expects the agent to run shell commands that inspect, move, or delete local project directories and to query a local session API. Filesystem and local-session access are heavier privileges than a simple 'research report' skill would normally require and should be explicitly justified. The skill also relies implicitly on local model CLIs (codex/gemini/claude) and their credentials rather than declaring those as required environment variables.
Instruction Scope
The runtime instructions tell the agent to run many shell commands (ls, mv, rm -rf, mkdir, curl to localhost, and writing/reading files under the project directory and /tmp), to create or modify project directories, and to immediately spawn multiple sub-agents in the same turn (pausing is explicitly forbidden). They also instruct the agent to write sensitive interim files (/tmp/research-cross-validate.txt) and pipe them to third-party CLIs. The skill reads environment variables at runtime (via exec), though none are declared in the registry. These behaviors extend well beyond pure 'analysis': they can modify or delete local data and transmit analysis to external model CLIs.
Install Mechanism
Instruction-only skill (no install spec, no code files). This minimizes supply-chain risk because nothing is downloaded or installed by the skill itself.
Credentials
The registry lists no required env vars, but SKILL.md reads a long list of RESEARCH_* environment variables at runtime (e.g., RESEARCH_MODELS, RESEARCH_CLI_TOOLS, RESEARCH_CLI_TIMEOUT). The skill also expects to use the user's locally configured model CLIs (which rely on credentials stored by those CLIs) without declaring them. Requesting implicit access to CLI-authenticated provider accounts and reading many env vars is disproportionate unless the user explicitly intends to share those locally configured credentials.
Persistence & Privilege
always:false (normal), but the skill instructs automatic spawning of multiple sub-agents and execution of shell commands (including rm -rf) during a single turn, without user confirmation at key steps. Autonomous invocation combined with destructive filesystem operations and piping content to external provider CLIs increases risk. The skill does ask for user confirmation before some destructive actions (archive/delete options), but other parts mandate immediate action and forced sessions_spawn calls.
What to consider before installing
Before installing, be aware this skill will:
1) run shell commands that list, move, and may delete directories and files in your working directory;
2) read many RESEARCH_* environment variables at runtime even though none are declared in the registry;
3) call your locally installed model CLIs (codex/gemini/claude), which will use whatever credentials/config you have for those tools and will see the data you pipe to them;
4) spawn multiple sub-agents automatically and require certain steps to happen in a single turn without pausing.
Recommendations: back up and/or run in an isolated workspace; set RESEARCH_CLI_TOOLS=none if you do not want it to call local CLIs; review and (if needed) remove any sensitive files or env vars before running; and inspect the SKILL.md text closely to confirm you accept the described file operations and automatic spawning behavior. If you need stronger assurance, request an explicit declaration of which credentials/CLIs will be used and run the skill first in a sandboxed environment.
Runtime requirements
Clawdis: Any
bin: codex, gemini, claude
