Auto Research
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does the advertised research workflow, but it also uses local auth/secrets, sends briefing content to OpenAI, and creates or runs helper code outside the skill directory without clear disclosure.
Install only if you are comfortable configuring and auditing its external services. Before use, set your own BRAVE_API_KEY, OPENAI_API_KEY, QDRANT_URL, REDIS settings, and OBSIDIAN_VAULT; verify that no unexpected auth profiles or secrets helpers are being read; and review or remove the hardcoded /Users/gregborden helper path.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A research run may use the user's OpenAI account and quota without the user explicitly providing a key for this skill.
If OPENAI_API_KEY is not set, the skill reads the user's local OpenClaw auth profile to obtain an OpenAI API key. This credential use is not declared in the registry metadata or SKILL.md environment variable table.
    AUTH_FILE="$HOME/.openclaw/agents/main/agent/auth-profiles.json"
    ...
    OPENAI_API_KEY=$(jq -r '.["openai:default"].apiKey // empty' "$AUTH_FILE" ...)
Declare OpenAI as a required or optional credential, require explicit user configuration or consent, and avoid reading agent auth profiles silently.
Research topics, summaries, and source text may leave the local machine and be processed by OpenAI during vectorization.
The vectorizer reads the generated briefing file and sends chunks to OpenAI's embeddings API, while the user-facing docs mainly describe Qdrant vectorization and do not clearly identify OpenAI as an external data processor.
    with open(file_path, 'r') as f:
        content = f.read()
    ...
    response = client.embeddings.create(
        model="text-embedding-3-small",
        input=text[:8000]
    )
Clearly disclose external embedding providers, add an opt-in or disable switch for vectorization, and document what content is sent.
The skill can modify the local OpenClaw workspace and run code outside the reviewed skill package, making behavior harder to audit or remove.
The skill creates an executable Python helper in a hardcoded path outside the skill directory and then runs it. If that file already exists, it executes the external file instead of a manifest-contained helper.
    INGEST_TOOL="/Users/gregborden/.openclaw/workspace/tools/research-ingest.py"
    ...
    cat > "$INGEST_TOOL" << 'INGEST_EOF'
    ...
    chmod +x "$INGEST_TOOL"
    ...
    python3 "$INGEST_TOOL"
Keep helper code inside the skill directory, include it in the manifest, avoid hardcoded user paths, and verify or prompt before creating executable files.
Running the cache path may execute local code that the skill package does not include or document, and may access Redis credentials unexpectedly.
The cache script automatically invokes a ../../tools/secrets.py helper, which is not shipped with the skill, to retrieve a Redis password. That helper is not in the manifest, so its provenance and behavior are outside the reviewed artifacts.
    REDIS_PASSWORD="${REDIS_PASSWORD:-$(python3 "$(dirname "$0")/../../tools/secrets.py" get REDIS_PASSWORD 2>/dev/null)}"
Remove automatic execution of unmanifested helpers, or declare and include the helper with clear credential-handling documentation.
Research content and potentially sensitive research interests may remain searchable later, and untrusted web snippets could be reused as context.
The skill stores research chunks, topics, file paths, and source metadata in Qdrant for later semantic retrieval. This is aligned with the stated feature, but it creates persistent agent memory from web-derived content.
    "payload": {
        "topic": topic,
        "chunk_index": i,
        "text": chunk[:2000],
        **metadata
    }
Configure Qdrant deliberately, add retention/deletion guidance, namespace collections per user or project, and treat retrieved web research as untrusted context.
Searches may be associated with a shared API credential rather than the user's own configured key.
The search script contains a built-in Brave Search API key. Web search is central to the skill and SKILL.md mentions a built-in key, but a shared embedded credential is still noteworthy.
    BRAVE_API_KEY="${BRAVE_API_KEY:-BSAfZrm_28TmR5FM9FhMCrTA1A3zS2n}"
Prefer requiring the user to provide their own Brave API key, or clearly explain the privacy and quota implications of the built-in key.
