Gemini Deep Research (J-Claw)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill largely matches its Gemini research purpose, but it relies on auto-updating external MCP code and can run a background workflow that triggers Discord/OpenClaw agent activity after the initial request.

Install only if you trust the external Gemini Deep Research extension and are comfortable with a paid Gemini API key, research topics being sent to Gemini, reports being written locally, and a background poller that may message Discord or trigger a follow-up agent. Prefer a pinned extension version, avoid auto-update, and ask for explicit confirmation before background agent chaining.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The code that actually talks to Gemini can change outside this reviewed skill and may run with access to the configured API key and research requests.

Why it was flagged

The skill asks the user to install an unpinned GitHub extension with auto-update enabled, and the scripts later run that extension's `dist/index.js`; future or unreviewed extension code can change behavior while holding the Gemini integration role.

Skill content

gemini extensions install https://github.com/allenhutchison/gemini-cli-deep-research --auto-update

Recommendation

Install only from a trusted source, prefer a pinned/reviewed extension version, disable auto-update if possible, and document the exact extension version required.

What this means

The agent may continue operating and trigger follow-up activity after you think the initial request is finished.

Why it was flagged

The skill explicitly creates a background polling workflow and includes a function that can launch another OpenClaw agent action after the original skill invocation has exited.

Skill content

The workflow is non-blocking — the agent sets up the task and exits immediately while a background script handles polling. ... openclaw agent --channel discord --message "$message" --deliver --timeout 600

Recommendation

Require explicit user opt-in for background operation and agent re-entry, provide a visible cancellation command, and avoid `openclaw agent --deliver` unless the user specifically approves it.

What this means

Status or workflow messages could be sent to a Discord channel, and another agent run could be started from that channel context.

Why it was flagged

The background script bridges local polling results into Discord messages and agent-triggering messages using an injected chat ID, with unclear user confirmation of the recipient and follow-up agent permissions.

Skill content

CHAT_ID="INJECT_CHAT_ID"  # ← Agent: replace with current Discord channel ID ... openclaw message send --channel discord --target "$CHAT_ID" -m "$message" ... openclaw agent --channel discord --message "$message" --deliver

Recommendation

Clearly disclose Discord notification behavior, confirm the target channel before use, and limit follow-up messages to simple user notifications unless the user opts into agent chaining.

What this means

Your paid Gemini API key may be used for research calls and could incur charges if the workflow is run.

Why it was flagged

The fallback workflow reads a Gemini Deep Research API key from the local extension configuration and places it into the environment. This is purpose-aligned, but it is sensitive credential handling and the registry metadata lists no primary credential.

Skill content

export GEMINI_DEEP_RESEARCH_API_KEY=$(cat ~/.gemini/extensions/gemini-deep-research/.env | grep API_KEY | cut -d= -f2)

Recommendation

Use a revocable, least-privileged API key if available, monitor usage/quota, and ensure the external extension is trusted before configuring the key.

What this means

The workflow depends on local executable code from the Gemini extension, not just static instructions in this skill.

Why it was flagged

The script starts a local Node MCP server from the Gemini extension path. This is expected for the integration, but it means installing the skill leads the agent to execute local extension code outside the reviewed script set.

Skill content

server = spawn('node', ['dist/index.js'], { cwd: EXT_PATH, stdio: ['pipe', 'pipe', 'pipe'], env: { ...process.env, ...extEnv } });

Recommendation

Review and trust the installed extension before running the skill, and keep the execution path limited to the intended Gemini Deep Research extension.