deepresearchwork forme

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill’s files match its stated report-generation purpose; the main things to notice are its disclosed use of external search/dependency skills and runtime Mermaid CLI execution via npx.

This skill appears safe to install for its stated purpose. Before using it, be comfortable with external web/search tooling, dependent skills, and npx-based Mermaid CLI execution, and avoid giving it confidential research topics unless those data-sharing paths are acceptable.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Chart conversion and parts of the workflow may depend on code or skills outside this artifact set.

Why it was flagged

The skill relies on external skills and an npm CLI package, with some dependencies described as latest and the npx command not pinning an exact version. This is disclosed and purpose-aligned, but users are trusting external supply-chain components.

Skill content

deepresearchwork | latest ... markdown-formatter | latest ... @mermaid-js/mermaid-cli | ^11.0.0 ... npx -y @mermaid-js/mermaid-cli

Recommendation

Use trusted dependent skills, prefer pinned package versions where possible, and run in a normal project workspace rather than a sensitive system directory.

What this means

When chart conversion is run, npm/npx may execute Mermaid CLI code on local `.mmd` files and write PNG outputs.

Why it was flagged

The script executes Mermaid CLI through npx to convert `.mmd` files into PNGs. This is central to the skill’s stated chart-rendering purpose, but it is still runtime code execution via the local Node/npm toolchain.

Skill content

if npx -y @mermaid-js/mermaid-cli \
    -i "$mmd_file" \
    -o "$output_file"

Recommendation

Only run conversion if you trust the npm package source and your Node/npm environment; consider pinning the CLI version for reproducibility.

What this means

Research topics and generated context may leave the local conversation when external search or dependent skills are used.

Why it was flagged

The workflow explicitly uses an online-search skill and other dependent skills for research. This is expected for deep research, but user-provided topics or report context may be passed to external tools or providers.

Skill content

Use the `online-search` skill to perform multi-dimensional searches

Recommendation

Avoid using confidential topics unless you are comfortable with external search/tool processing, and review the dependent skills’ behavior if the report content is sensitive.