DeepthinkLite
PassAudited by ClawScan on May 1, 2026.
Overview
DeepthinkLite appears benign: it creates local research artifacts and includes clear permission and untrusted-source handling guidance, though users should notice that approved research may read local or web sources and save excerpts locally.
This skill is reasonable to install if you want local research scaffolding. Before use, choose a safe output folder, approve only the specific local paths or web browsing you want the agent to access, and consider summary-only mode when working with sensitive or untrusted sources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent may inspect local files or browse the web as part of research.
The skill permits potentially sensitive research tool use, but it is disclosed, purpose-aligned, and explicitly permission-gated.
DeepthinkLite assumes the agent may use tools for research: - read local files / docs - inspect source code - browse the web / fetch URLs But: before doing any web browsing or accessing non-obvious local paths, the agent must ask the user explicitly for permission
Approve only specific paths, repositories, or browsing targets you are comfortable sharing with the agent.
Using the command will execute local script code and create files under the chosen output directory.
Invoking the skill runs the included bash wrapper and Python script locally. The reviewed code only creates scoped research artifact files, so this is expected for the workflow.
"entrypoint": "bash", "args": [ "scripts/deepthinklite.sh" ]
Use a safe output directory and review generated files, especially if your query includes sensitive information.
Saved research files may contain your query, citations, and raw source excerpts that could be reused later.
The workflow intentionally persists research outputs, and the default mode can include raw untrusted source snippets. The skill also provides untrusted-content handling rules, which mitigates but does not remove the need for care.
Every run produces two artifacts you can keep, diff, and reuse: - `questions.md` - `response.md` ... `--source-mode raw` (default): raw snippets allowed
Use `--source-mode summary-only` for sensitive or highly untrusted sources, and keep raw excerpts clearly labeled as untrusted.