Deep Research v7

What to consider before installing/running this skill: - Review the code before running: the skill contains many executable Python scripts that will perform arbitrary web fetches, PDF downloads, parsing, and call a ResearchTools bridge. Inspect scripts/research_claw_bridge.py and cookie-management code to see what remote endpoints and credentials they use and whether any data is transmitted to unexpected hosts. - Credentials and API keys: the bundle depends on 'openai' and mentions LLM usage but does not declare required environment variables (e.g., OPENAI_API_KEY) or other API credentials. If you run it, supply only minimal, scoped keys in an isolated environment; do not expose high-privilege keys on your main machine. - Network & paywalled content: INTEGRATION.md and scripts mention using cookies to bypass logins and scraping paywalled content. Decide whether you are comfortable with that behavior and confirm it complies with terms of service and local laws. - Isolation: run the skill in a sandbox or disposable environment (container/VM) with no access to sensitive host files. Pay attention to paths the scripts write to (they use /root/.openclaw/workspace/... by default). Change output directories to a safe location before running. - Cross-skill imports: scripts insert absolute workspace paths and import code outside the skill; ensure those paths are expected and review the referenced external code. That import pattern can allow the skill to read other skills' data. - If you need to use it: 1) open and read scripts/research_claw_bridge.py and cookie_manager.py first; 2) search for any 'requests.post' or custom endpoints within the code to see where data is sent; 3) run with limited permissions and network monitoring; 4) prefer providing API keys via temporary/scoped credentials. Given these mismatches (undeclared credential needs, absolute workspace access, and scraping-with-cookie hints), treat the skill as suspicious until you verify the code and runtime behavior in an isolated environment.