ClawHub

Deep Research

v1.1.0

Conduct deep research with multi-source analysis, generating professional reports. Use when user needs comprehensive research, market analysis, competitive a...

0· 99·1 current·1 all-time
by@tobewin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ('Deep Research') matches the included scripts (orchestrator, research_engine, report_generator, pdf_converter, analysis, progress manager). Required binaries (curl, python3, node) are appropriate for web queries, Python scripts, and PDF conversion via npm tools. Minor inconsistency: SKILL.md examples and some shell snippets create tasks under "$WORKSPACE/research-orchestrator/tasks/..." while the Python orchestrator uses workspace/deep-research/tasks; this is a naming/path mismatch but does not indicate malicious intent.
Instruction Scope
SKILL.md instructs the agent to create workspace directories, spawn parallel sub-agents using sessions_spawn, perform searches (via a web-search skill), collect findings, run local Python scripts to synthesize and generate reports, and convert Markdown to PDF. These actions are within the stated purpose. The instructions do not request unrelated files, credentials, or unknown external endpoints. They do give the agent discretion to spawn sub-agents and run searches, which is expected for this skill's functionality.
Install Mechanism
There is no formal install spec in the registry; the skill is instruction/code-only. At runtime the pdf_converter may attempt to install md-to-pdf globally via 'npm install -g md-to-pdf' and uses 'npx md-to-pdf' for conversion. That behaviour is visible in the scripts (calls out to npm/npx). Installing global npm packages at runtime is convenient but has higher friction and should be noted by the user.
Credentials
The skill declares no required environment variables or credentials and the code only references OPENCLAW_WORKSPACE (with a fallback to PWD). No tokens, keys, or external auth are requested. Requiring curl/node/python3 is proportional to the functionality. The scripts do attempt to call web/academic sources (arXiv) and expect a 'web-search' capability from the agent; these are expected for a research tool.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. The code creates and writes files within the user's workspace (deep-research task directories) but does not attempt to modify other skills or system-wide configs. The workflow spawns sub-agents (sessions_spawn) which is part of its research orchestration role; users should be aware that sub-agents run concurrently and may produce many network calls.
Assessment
This skill is internally consistent with its stated purpose: it orchestrates parallel sub-agents, collects multi-source findings, synthesizes analysis, and produces Markdown/PDF reports. Before installing or running it, consider the following: - Review and confirm the workspace path you want the skill to use (SKILL.md uses research-orchestrator/... while the Python code uses deep-research/...); files will be created under that workspace and the mismatch can cause confusion. - The PDF converter may run 'npm install -g md-to-pdf' and uses 'npx md-to-pdf'. If you prefer not to allow global npm installs, ensure the environment already has md-to-pdf or run the conversion in a controlled environment. - The skill will spawn parallel sub-agents (sessions_spawn) and perform many searches; expect increased network activity and potentially many created files. If you have quotas, rate limits, or monitoring needs, sandbox or monitor the agent's activity. - No credentials are requested by the skill, which is good. Still review the code if you will run it in an environment that contains sensitive files — the scripts write to the workspace and may read/write JSON/MD files there. If you want extra caution: run the skill in an isolated testing workspace, verify that required binaries (python3, node/npm, curl) are present and acceptable to use, and inspect the generated task directories before granting broader access.

Like a lobster shell, security has layers — review code before you run it.

latestvk979yk2xtefwdq16gs0z45p4vx83erxc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis
Binscurl, python3, node

Comments