Scan Report
5 /100
gemini-deep-research
Trigger Gemini Deep Research via browser and save results to Notion
纯文档型技能,无代码脚本,浏览器自动化执行Gemini深度研究并导出Notion,声明与行为一致,无恶意指标。
Safe to install
可直接使用。注意:browser工具权限由宿主环境管控,skill本身不涉及代码执行风险。
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Browser | READ | READ | ✓ Aligned | SKILL.md:27 — browser action=open profile=openclaw |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:53 — write to /tmp/deep_research_<timestamp>.md |
| Network | WRITE | WRITE | ✓ Aligned | SKILL.md:66 — curl POST to api.notion.com |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:56 — cat ~/.config/notion/api_key |
3 findings
Medium External URL 外部 URL
https://gemini.google.com/app SKILL.md:27 Medium External URL 外部 URL
https://api.notion.com/v1/pages SKILL.md:66 Medium External URL 外部 URL
https://www.notion.so/ SKILL.md:80 File Tree
2 files · 5.7 KB · 143 lines Markdown 2f · 143L
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ 无脚本代码,完全是声明式文档描述,攻击面极小
✓ 声明与实际行为完全一致,无阴影功能
✓ 不访问 ~/.ssh、.env 等敏感凭证路径
✓ 无 base64/eval/管道等混淆技术
✓ 无隐蔽的数据外泄行为
✓ 外部网络请求为必要的功能性API调用(Notion API)