CueCue Deep Research

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent CueCue financial research CLI wrapper, with expected caution points around installing an external npm tool, using an API key, sending research queries to CueCue, and running tasks in the background.

This skill appears purpose-aligned and not suspicious from the provided artifacts. Before installing, verify the @sensedealai/cuecue npm package source, protect the CUECUE_API_KEY, be mindful that prompts may be sent to CueCue, and use foreground mode or careful output paths for sensitive research.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill requires trusting the external CueCue npm CLI package that performs the actual research operation.

Why it was flagged

The skill relies on an external npm package to provide the CLI it invokes. This is expected for the stated purpose, but the artifact itself does not include the package code.

Skill content

node | package: @sensedealai/cuecue | creates binaries: cue

Recommendation

Install only from the expected npm package publisher, keep it updated, and review the package provenance if using it in a sensitive environment.

What this means

The API key may grant access to the user's CueCue account or quota, and storing it locally can leave a persistent credential on the machine.

Why it was flagged

The skill requires a CueCue API key and documents both environment-variable use and optional local configuration storage for that credential.

Skill content

`--api-key KEY` | CueCue API key (read from the `CUECUE_API_KEY` environment variable by default) ... `cue config set api_key YOUR_KEY`

Recommendation

Use a dedicated CueCue API key with appropriate scope, prefer environment-based secret management when possible, and rotate the key if it may have been exposed.

What this means

Financial research topics, prompts, and possibly report notifications may be processed by CueCue and surfaced in the configured conversation channel.

Why it was flagged

Research queries are sent to the CueCue service, and task notifications are tied to an OpenClaw channel ID. This data flow is disclosed and aligned with the hosted research purpose.

Skill content

`cue research <query>` ... `--base-url URL` | CueCue API base URL (defaults to `https://cuecue.cn`) ... `--openclaw-channel-id ID` | ... must use the channel-id of the current conversation

Recommendation

Avoid including confidential investment plans, client data, or nonpublic company information unless CueCue and the selected channel are approved for that data.

Note | High Confidence
ASI10: Rogue Agents

What this means

A research task may continue asynchronously after the command starts, which can affect timing, notifications, and API usage.

Why it was flagged

The CLI runs research in the background by default unless the foreground option is used. This is disclosed and appears purpose-aligned for long-running deep research.

Skill content

`--foreground` | N | Run in the foreground (default: run in the background)

Recommendation

Use `--foreground` for tasks that need close supervision, and monitor background jobs and output files for sensitive or costly research runs.