Unifuncs Deep Research
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for UniFuncs deep research, but it requires an API key, sends research prompts to UniFuncs, and may save streamed report output locally.
This skill is reasonable to use if you are comfortable with UniFuncs receiving the research prompt and using your API key. Before approving a run, confirm the topic, cost/time expectation, and options; avoid confidential prompts unless appropriate; and remove any stream files that may contain sensitive report content.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent can run the local Python wrappers for deep research after confirmation, so the user should verify the topic and options before approving.
The skill authorizes Python command execution for the included research wrappers, and the instructions add an explicit user-confirmation gate before the long-running or higher-cost API operation.
allowed-tools: Bash(python3:*) ... Mandatory second confirmation ... Do not run the scripts until the user clearly confirms
Approve only after the agent restates the research topic, cost/time expectation, and non-default options; keep execution to the included deep-research scripts.
Using the skill gives the script authority to spend or access whatever the configured UniFuncs API key permits.
The script uses a UniFuncs bearer token from the environment. This is expected for the service, but users should notice it because the registry metadata lists no required credentials.
api_key = os.environ.get("UNIFUNCS_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a scoped UniFuncs key if available, keep it in an environment variable, and avoid sharing logs or shells that might expose it.
Research topics, questions, and any sensitive details included in the prompt will be processed by UniFuncs.
The user's research query is sent to UniFuncs' external API. This is core to the skill's purpose, but it is still an external data flow.
CREATE_TASK_ENDPOINT = "https://api.unifuncs.com/deepresearch/v1/create_task" ... "messages": [{"role": "user", "content": args.query}]Do not include confidential or regulated information unless you are comfortable sending it to UniFuncs under its terms and privacy practices.
Sensitive research output may remain in local stream files after the report is generated.
Streaming report chunks can be written to a local temp or user-specified file, which may retain research output beyond the immediate conversation.
Path to persist/read stream chunks. If omitted, temp file is auto-created when writable.
Use a deliberate stream-file location for sensitive work and delete temporary stream files when no longer needed.
A report run may involve background processing while streamed output is collected.
The report client contains a non-user-facing background-worker mode. The visible context suggests it supports long-running streaming, but it is not documented in the normal options list.
parser.add_argument("--background-worker", action="store_true", help=argparse.SUPPRESS)If canceling or troubleshooting a run, check for any remaining deep-research Python process and terminate it if needed.