ClawHub

Deep Research Work From Xian.LaoJ

v1.0.0

Comprehensive research framework that combines web search, content analysis, source verification, and iterative investigation to conduct in-depth research on any topic. Use when you need to perform thorough research with multiple sources, cross-validation, and structured findings.

17· 5.3k·21 current·21 all-time
by@jiacode
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (deep research) align with the instructions (web_search, web_fetch, browser, memory, read/write) and the included research_template and JS workflow. The skill does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md instructs the agent to use web_search, web_fetch, browser, and memory tools to gather and validate sources — this is appropriate for the stated purpose. It does not ask the agent to read arbitrary local files, environment variables, or transmit data to unknown external endpoints. One minor note: the included JS implementation is a mock/simulation (it generates fake sources/content and does not call external APIs); this is coherent but users should understand the JS is illustrative, not a network-fetch implementation.
Install Mechanism
No install spec is provided (instruction-only skill). No downloads, packages, or extracts occur. This is the lowest-risk installation footprint.
Credentials
The skill requires no environment variables, credentials, or config paths. All declared and implied tool accesses (web_search, web_fetch, browser) are proportional to a research orchestration skill.
Persistence & Privilege
always is false and the skill does not request elevated or permanent platform presence. disable-model-invocation is false (normal default), meaning the agent can call it autonomously — this is expected for skills and is not a standalone risk here.
Assessment
This skill appears to be an orchestration/template for conducting web-based research and is internally consistent. Before enabling it: 1) Note it relies on the agent's web-access tools (web_search, web_fetch, browser) — those tools will access the internet to gather sources. 2) The included JavaScript file is a mock/simulation (it generates fake sources/content) and is illustrative rather than performing real fetches; don’t assume it implements actual network retrieval. 3) No credentials or installs are required, so there is no obvious secret-exfiltration vector in the skill bundle itself. 4) If you allow the agent to use web_fetch/browser, ensure you trust the agent's environment and policies for web access and any persistent memory the platform provides (research results may be written to agent memory if the agent is instructed to do so). 5) The JS contains some untested/placeholder logic (e.g., simulated data and minor structural bugs) — treat it as a helper template rather than production code. If you need production-grade automation, request a version that calls the platform's web tools directly and includes tests or a clear execution plan.

Like a lobster shell, security has layers — review code before you run it.

latestvk975yh9dqce2d0b5w0gcmwcf9h80j2rn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments