ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deep Research

v1.0.2

Deep Research Agent specializes in complex, multi-step research tasks that require planning, decomposition, and long-context reasoning across tools and files...

0· 125·0 current·0 all-time
by@asterisk622
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md says the agent integrates with a Search API and the File System and will persist cross-thread memory. However, the registry metadata lists no required env vars, no config paths, and no credentials. The rules/logic.md later mandates a CRAFTED_API_KEY for a third‑party 'we-crafted.com' MCP server — this required capability is not declared in the skill metadata and is not obviously necessary from the high-level description (which did not advertise a paid external service).
!
Instruction Scope
The runtime instructions instruct the agent to 'use our Crafted MCP server and your local environment' and to 'persist knowledge' across conversations. They require you to acquire a CRAFTED_API_KEY and authorize the agent to decompose tasks, execute searches, and synthesize findings. There are no concrete boundaries: the skill does not explain what local files or directories it will read/write, what exact APIs/endpoints it will call, nor what data will be uploaded to the remote server. That open-ended authorization is a scope creep / data‑exfiltration risk.
Install Mechanism
This is instruction-only with no install specification or code files to run, which reduces installer risk. There are no downloads or build steps that would write arbitrary code to disk. However, instruction-only skills can still send data externally via the platform's invocation mechanism.
!
Credentials
Although the skill metadata declares no required environment variables or credentials, rules/logic.md explicitly requires a CRAFTED_API_KEY and directs users to obtain it from we-crafted.com. Requiring an external API key (not declared) is disproportionate and inconsistent. Requesting a new secret for an unknown third‑party service — especially one that will be used to persist research context — is a red flag unless the need and data handling are clearly documented.
!
Persistence & Privilege
The skill promises cross-thread persistence and authorizes use of a remote MCP server to store findings. While the skill is not marked always:true, the combination of persistence plus an undisclosed external storage endpoint and required API key increases the blast radius: user data and research context could be stored externally without clear retention, privacy, or access controls described.
What to consider before installing
This skill is inconsistent: its metadata lists no credentials but its internal docs require a CRAFTED_API_KEY and authorize use of a third‑party server (we-crafted.com) to persist research data. Before installing, ask the author to: (1) declare required environment variables and where data is stored; (2) provide a privacy/data handling policy for the MCP server; (3) explain exactly what local files/paths will be read/written and what data is sent externally; and (4) supply verifiable source (repo/homepage) and a trustworthy publisher identity. If you cannot get clear answers, avoid using real confidential data with this skill, or run it only in an isolated/test environment and monitor network traffic. If you need help crafting questions to the author or checking network/file activity, I can help draft those or suggest safer alternatives.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cnk862ptzjbhp2bp9xyehh984ect9
125downloads
0stars
2versions
Updated 1w ago
v1.0.2
MIT-0
@asterisk622
latest
Download

Deep Research Agent

"Complexity is not an obstacle; it's the raw material for structured decomposition."

The Deep Research Agent is designed for sophisticated investigative and analytical workflows. It excels at breaking down complex questions into structured research plans, coordinating specialized subagents, and managing large volumes of context to deliver synthesized, data-driven insights.

Usage

/deepsearch "comprehensive research topic or complex question"

What You Get

1. Multi-Step Research Planning

The agent doesn't just search; it plans. It decomposes your high-level objective into a structured set of sub-questions and executable tasks to ensure no detail is overlooked.

2. Task Decomposition & Orchestration

Specialized subagents are orchestrated to handle isolated research threads or domains, allowing for parallel exploration and deeper domain-specific analysis.

3. Large-Context Document Analysis

Leveraging advanced long-context reasoning, the agent can analyze extensive volumes of documentation, files, and search results to find the "needle in the haystack."

4. Cross-Thread Memory Persistence

Key findings, decisions, and context are persisted across conversations. This allows for iterative research that builds upon previous discoveries without losing momentum.

5. Synthesized Reporting

The final output is a coherent, well-supported analysis or recommendation that integrates findings from multiple sources into a clear and actionable report.

Examples

/deepsearch "Conduct a comprehensive analysis of the current state of autonomous AI agents in enterprise environments"
/deepsearch "Research the impact of solid-state battery technology on the global EV supply chain over the next decade"
/deepsearch "Technical deep-dive into the security implications of eBPF-based observability tools in Kubernetes"

Why This Works

Complex research often fails because:

  • High-level goals are too vague for single-pass AI execution
  • Context window limitations lead to "hallucinations" or missed details
  • Lack of memory makes iterative exploration difficult
  • Information synthesis is shallow and lacks structural integrity

This agent solves it by:

  • Planning first: Breaking the problem down before executing
  • Orchestrating specialized agents: Using the right tool for the right sub-task
  • Managing deep context: Actively curating and synthesizing large data sets
  • Persisting knowledge: Keeping a record of everything learned so far

Technical Details

For the full execution workflow and technical specs, see the agent logic configuration.

Integrated with: Search API, File System.

Comments

Loading comments...