deep-research-engine Security Report — Low Risk | ClawSafe

20 /100

deep-research-engine

Autonomous deep research agent with multi-step web search, sub-agent delegation, and structured report generation

Deep research agent with legitimate web search, API-based content fetching, and file writing capabilities. The pre-flagged hardcoded IP (120.0.0.0) appears to be a placeholder/range notation, not active malicious code. No evidence of credential harvesting, data exfiltration, or undeclared functionality.

Skill Namedeep-research-engine

Duration39.2s

Enginepi

✓

Safe to install

Skill appears safe for use. The hardcoded IP notation should be replaced with a proper domain name or removed. Ensure API keys are stored securely and not logged.

Findings 3 items

Severity	Finding	Location
Low	Placeholder IP notation in pre-scan Pre-scan flagged 120.0.0.0 at line 46, but code review shows no active IP connection. The notation appears to be a placeholder or was misidentified by the scanner. No actual connection to this IP occurs in the code. `resp = httpx.get(url, headers=headers, timeout=timeout, follow_redirects=True)` → If 120.0.0.0 was intentional placeholder notation, replace with a proper domain name or remove. If a typo, no action needed.	`backend/agent.py:46`
Low	Undeclared filesystem write capability SKILL.md does not explicitly declare filesystem:WRITE permission, but the agent writes reports to /final_report.md and /research_request.md as part of its core functionality. ## Workflow: ... Write a comprehensive report to `/final_report.md` → Add filesystem:WRITE to the skill's allowed-tools declaration or document the file writing scope.	`SKILL.md:1`
Info	Dependency version constraints requirements.txt uses >= constraints without upper bounds, allowing potentially breaking changes to be installed automatically. `deepagents>=0.1.0` → Consider pinning to specific versions for reproducible builds.	`backend/requirements.txt:1`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	httpx.get() calls to fetch web content via declared Tavily API integration
Filesystem	`NONE`	`WRITE`	✓ Aligned	Writes /final_report.md, /research_request.md - functional necessity, not hidden
Skill Invoke	`READ`	`READ`	✓ Aligned	Sub-agent delegation via create_deep_agent
Environment	`READ`	`READ`	✓ Aligned	Reads TAVILY_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY for configuration

1 High 2 findings

📡

High IP Address 硬编码 IP 地址

120.0.0.0

backend/agent.py:46

🔗

Medium External URL 外部 URL

https://tavily.com/

README.md:46

File Tree

4 files · 13.8 KB · 407 lines

Python 1f · 213L Markdown 2f · 187L Text 1f · 7L

├─ ▾ 📁 backend

│ ├─ 🐍 agent.py Python 213L · 7.8 KB

│ └─ 📄 requirements.txt Text 7L · 139 B

├─ 📝 README.md Markdown 93L · 3.0 KB

└─ 📝 SKILL.md Markdown 94L · 2.9 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`deepagents`	`>=0.1.0`	pip	No	Version not pinned, >= constraint allows updates
`langchain`	`>=3.0.0`	pip	No	Major version pinned, acceptable
`tavily-python`	`>=0.5.0`	pip	No	Version not pinned
`httpx`	`>=0.27.0`	pip	No	Well-maintained HTTP client library

Security Positives

✓ No credential harvesting detected - API keys are only read for configuration, not exfiltrated

✓ No base64-encoded payloads or obfuscated code execution

✓ No direct IP connections to suspicious endpoints

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env

✓ No subprocess or shell execution without documentation

✓ Web requests use standard httpx library with proper headers and timeouts

✓ Tavily API integration is declared and appropriate for the research use case

✓ Sub-agent architecture is documented in SKILL.md

Scan Report

Findings 3 items

File Tree

Dependencies 4 items

Security Positives