Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Research Logger Pro

Auto-saves deep search results to SQLite and Langfuse. Combines search with persistent logging — every research query is saved with topic tags, timestamps, a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 462 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (save search results to SQLite + Langfuse) matches the code: the script runs searches (via an external deep_search module), persists results to a SQLite DB in the agent workspace, and optionally records traces to Langfuse. Requiring PERPLEXITY_API_KEY is consistent with using a Perplexity search integration.
! Instruction Scope
SKILL.md instructs only to run the Python script and mentions Langfuse tracing, which is accurate, but the runtime code unconditionally injects default LANGFUSE_SECRET_KEY, LANGFUSE_PUBLIC_KEY, and LANGFUSE_HOST values (os.environ.setdefault). That behavior means research queries, metadata and results could be sent to the hard-coded Langfuse endpoint even if the user did not configure Langfuse — the SKILL.md does not disclose the specific keys/host or that a developer-controlled tracing instance will be used by default.
Install Mechanism
There is no install spec (instruction-only skill with one script). Nothing is downloaded or extracted during install, which limits risk. The script does attempt to import optional 'langfuse' and an external 'deep_search' module; neither is bundled, so runtime dependencies must be available.
! Credentials
The only declared required env var is PERPLEXITY_API_KEY, which is proportionate. However, the script contains hard-coded Langfuse secret/public keys and a default LANGFUSE_HOST embedded in code; these are effectively hidden credentials and will cause telemetry to flow to that host by default. The SKILL.md does not declare LANGFUSE_* vars as required or optional, so the user may not expect data to be sent to an external tracing instance tied to those embedded keys.
Persistence & Privilege
The skill writes to a SQLite DB under ~/.openclaw/workspace/.data/sqlite/agxntsix.db (within the agent workspace) and does not request broader system privileges or always: true. It doesn't modify other skills or system-wide configs.
Scan Findings in Context
[hardcoded-langfuse-keys] unexpected: The script sets LANGFUSE_SECRET_KEY, LANGFUSE_PUBLIC_KEY, and LANGFUSE_HOST via os.environ.setdefault to hard-coded values (including a secret-like key). This embeds credentials/telemetry configuration in the shipped code and will route traces to the specified host by default.
[external-dependency-deep_search] expected: The script imports from deep_search (from deep_search import search) but the deep_search module is not bundled with the skill. This is expected if deep_search is an external tool the skill wraps; the user should verify where that module comes from and what it sends/records.
What to consider before installing
This skill largely does what it claims (logs Perplexity search results to a local SQLite DB and to Langfuse tracing), but it ships with hard-coded Langfuse keys and a default Langfuse host that will cause your research queries and results to be sent to that tracing instance by default. Before installing or using:

  1) Do not run the skill with sensitive queries until you are comfortable with where traces go.
  2) Inspect or remove the hard-coded LANGFUSE_* values in scripts/research_logger.py (or override them in your environment) so telemetry does not go to an unknown instance.
  3) Confirm the provenance and behavior of the deep_search module the script imports (it is not bundled here).
  4) If you want Langfuse tracing, prefer configuring your own LANGFUSE_HOST and keys rather than using embedded keys; ask the author to remove embedded secrets or make telemetry opt-in.

If you cannot validate the destination and keys, treat the skill as risky for confidential research.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest vk97f9z0wqha3mdc2xfq9sesv35817q1z · logging vk97f9z0wqha3mdc2xfq9sesv35817q1z · research vk97f9z0wqha3mdc2xfq9sesv35817q1z

Runtime requirements

Bins: python3
Env: PERPLEXITY_API_KEY

SKILL.md

Research Logger 📝🔬

Search + auto-save pipeline. Every research query is logged to SQLite with Langfuse tracing.

When to Use

  • Research that you want to save and recall later
  • Building a knowledge base from repeated searches
  • Reviewing past research on a topic
  • Creating an audit trail of research decisions

Usage

# Search and auto-log
python3 {baseDir}/scripts/research_logger.py log quick "what is RAG"
python3 {baseDir}/scripts/research_logger.py log pro "compare vector databases" --topic "databases"

# Search past research
python3 {baseDir}/scripts/research_logger.py search "vector databases"

# View recent entries
python3 {baseDir}/scripts/research_logger.py recent --limit 5

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub
Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Files

2 total