Safety Report

deep-scout

Name: deep-scout
Author: JonathanJing

Multi-stage deep intelligence pipeline (Search → Filter → Fetch → Synthesize). Turns a query into a structured research report with full source citations.

132Downloads

1Installs

0Stars

5Versions

Workflow Automation3,323 Search & Retrieval2,116 Database Management1,222 Networking & DNS1,102

Security Analysis

high confidence

Clean0.04 risk

The skill's code, prompts, and runtime instructions are coherent with its stated purpose (a multi-stage web research pipeline) and do not request unrelated credentials or unusual install actions.

Mar 4, 202611 files1 concern

Purpose & Capabilityok

Name and description (web search → filter → fetch → synthesize) match the actual behavior: it calls web_search/web_fetch, uses LLMs for filtering/synthesis, and optionally uses a local Firecrawl CLI or the browser tool. Required binaries (bash, python3, timeout/gtimeout) and included scripts are proportional to the described functionality.

Instruction Scopenote

SKILL.md and scripts explicitly instruct the agent to fetch arbitrary web URLs and feed extracted content to LLMs (expected for a research tool). The run.sh includes query sanitization and output-path restrictions as mitigations. Users should note that fetched page content (including snapshots) will be sent to the LLM — this is intended but a privacy consideration.

Install Mechanismok

No install spec (instruction-only) and included shell scripts only; no remote downloads are performed by an installer. The optional Firecrawl integration calls a local CLI if present. This is a low-risk install footprint.

Credentialsok

The skill requests no environment variables, no credentials, and no config paths. That aligns with its purpose: it leverages agent-provided tools (web_search, web_fetch, browser) rather than external API keys.

Persistence & Privilegeok

always:false (default) and no code attempts to modify other skills or system-wide agent settings. The skill writes its own state to a skill-local state file (deep-scout-state.json) — expected for resumability.

Guidance

This skill appears to do what it says: it runs a search → filter → fetch → synthesize pipeline using agent web tools and LLM prompts. Before installing, be aware of these practical points: 1) The skill will fetch arbitrary web pages and send their extracted text to the LLM — avoid using it for highly sensitive/private queries or internal URLs you don't want shared with the model. 2) It may run local shell scripts (run.sh, firecrawl wrapper). The package includes sanitization and an output-path check, which is good, but you can review those scripts yourself before enabling. 3) Firecrawl is optional and only invoked if present locally; otherwise the wrapper reports FIRECRAWL_UNAVAILABLE. 4) The agent will be able to invoke the skill normally (autonomous invocation is the platform default); if you prefer manual control, only call it interactively. If you'd like greater assurance, inspect scripts/run.sh and prompts locally, and test with non-sensitive queries first.

Latest Release

v0.1.4

Added simplified installation instructions to SKILL.md and README.md.

More by @JonathanJing

openclaw-dashboard

3 stars

rag-eval

2 stars

glass2claw

1 stars

Token Ledger (SQLite)

0 stars

openclaw-tally

0 stars

ground-control

0 stars

Published by @JonathanJing on ClawHub