Deep Research Pro v2.2
v2.2.0Conducts thorough research by downloading full PDFs, extracting structured data with original text quotes, verifying sources, and generating cross-validated...
⭐ 0· 106·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (full‑text extraction, quoting, source verification) align with the included scripts (extract-from-pdf.py, check-sourcing.sh, quality-score.py) and templates. There are no unrelated credentials or unusual binaries requested.
Instruction Scope
Instructions explicitly require downloading arbitrary PDF URLs, extracting text, copying 50+ character verbatim quotes from source, and running a provenance check; these are coherent with the stated goal. Notes of caution: downloading/parsing arbitrary PDFs can expose the host to malformed/malicious PDFs; the workflow promotes copying verbatim excerpts which may have copyright implications; check-sourcing.sh assumes report and source file layout and relies on grep patterns.
Install Mechanism
There is no install spec even though the code depends on Python and either pdfplumber (a pip package) or pdftotext (and likely the poppler system library). SKILL.md lists those tools as '已安装' but the registry metadata declares no required binaries/dependencies — this mismatch means the agent or user must ensure the environment has the needed packages. Also check that grep -P (PCRE) is available where the scripts run.
Credentials
The skill requests no environment variables or credentials and the scripts do not read secrets or other env vars. Network access to arbitrary URLs is required for the intended purpose; no external endpoints or hidden exfiltration channels are present in the code.
Persistence & Privilege
The skill is not always-on and does not request persistent system privileges or alter other skills. It writes temporary files (uses /tmp) and deletes them; that is normal for its function.
Assessment
This skill appears coherent with its stated purpose, but take these precautions before installing or executing it:
- Ensure your environment has Python3, pdfplumber (pip) or pdftotext + poppler installed; the package/dependency requirements are not declared by the registry.
- Run the workflow in an isolated environment (VM/container) because it downloads and opens arbitrary PDFs — malformed PDFs can exploit local parsers.
- Review the code (extract-from-pdf.py and check-sourcing.sh) yourself if you can; they perform network downloads and local file writes but contain no hidden exfiltration. Verify the User-Agent and URL handling if you have network-policy constraints.
- Be aware the skill enforces copying verbatim 50+ character quotes from sources — consider copyright/privacy rules when including such text in generated reports.
- Confirm grep -P availability (the shell script uses PCRE patterns) or adjust scripts for your environment.
If you need higher assurance, request the author add an explicit install spec (pip/apt/poppler), declare required binaries, and add input validation/sanitization for PDF URLs before running.Like a lobster shell, security has layers — review code before you run it.
deepvk975190qv1gavvr9ccp9qaxrxn837k9dlatestvk975190qv1gavvr9ccp9qaxrxn837k9dpdf-extractionvk975190qv1gavvr9ccp9qaxrxn837k9dresearchvk975190qv1gavvr9ccp9qaxrxn837k9dstudyvk975190qv1gavvr9ccp9qaxrxn837k9d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.