← Back to Skills Marketplace
Research Logger Pro
by
aiwithabidi
· GitHub ↗
· v1.0.0
704
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install research-logger-pro
Description
Auto-saves deep search results to SQLite and Langfuse. Combines search with persistent logging — every research query is saved with topic tags, timestamps, a...
Usage Guidance
This skill largely does what it claims (logs Perplexity search results to a local SQLite DB and to Langfuse tracing), but it ships with hard-coded Langfuse keys and a default Langfuse host that will cause your research queries and results to be sent to that tracing instance by default. Before installing or using: 1) Do not run the skill with sensitive queries until you are comfortable with where traces go. 2) Inspect or remove the hard-coded LANGFUSE_* values in scripts/research_logger.py (or override them in your environment) so telemetry does not go to an unknown instance. 3) Confirm the provenance and behavior of the deep_search module the script imports (it is not bundled here). 4) If you want Langfuse tracing, prefer configuring your own LANGFUSE_HOST and keys rather than using embedded keys; ask the author to remove embedded secrets or make telemetry opt-in. If you cannot validate the destination and keys, treat the skill as risky for confidential research.
Capability Analysis
Type: OpenClaw Skill
Name: research-logger-pro
Version: 1.0.0
The skill bundle is classified as suspicious due to two main security concerns found in `scripts/research_logger.py`. Firstly, it hardcodes Langfuse API keys (e.g., `sk-lf-115cb6b4-7153-4fe6-9255-bf28f8b115de`), which is a vulnerability as it exposes credentials. Secondly, the script imports and passes unsanitized user input (`args.query`) to an unprovided external script, `deep_search.py`. While `research_logger.py` itself uses parameterized queries to prevent SQL injection in its SQLite operations, the unknown implementation of `deep_search.py` creates a significant blind spot and a potential shell injection vulnerability if it executes the query in a shell. There is no evidence of intentional malicious behavior like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description (save search results to SQLite + Langfuse) matches the code: the script runs searches (via an external deep_search module), persists results to a SQLite DB in the agent workspace, and optionally records traces to Langfuse. Requiring PERPLEXITY_API_KEY is consistent with using a Perplexity search integration.
Instruction Scope
SKILL.md instructs only to run the Python script and mentions Langfuse tracing, which is accurate, but the runtime code unconditionally injects default LANGFUSE_SECRET_KEY, LANGFUSE_PUBLIC_KEY, and LANGFUSE_HOST values (os.environ.setdefault). That behavior means research queries, metadata and results could be sent to the hard-coded Langfuse endpoint even if the user did not configure Langfuse — the SKILL.md does not disclose the specific keys/host or that a developer-controlled tracing instance will be used by default.
Install Mechanism
There is no install spec (instruction-only skill with one script). Nothing is downloaded or extracted during install, which limits risk. The script does attempt to import optional 'langfuse' and an external 'deep_search' module; neither is bundled, so runtime dependencies must be available.
Credentials
Declared required env var is only PERPLEXITY_API_KEY which is proportional. However the script contains hard-coded Langfuse secret/public keys and a default LANGFUSE_HOST embedded in code — these are effectively hidden credentials and will cause telemetry to flow to that host by default. The SKILL.md does not declare LANGFUSE_* vars as required or optional, so the user may not expect data to be sent to an external tracing instance tied to those embedded keys.
Persistence & Privilege
The skill writes to a SQLite DB under ~/.openclaw/workspace/.data/sqlite/agxntsix.db (within the agent workspace) and does not request broader system privileges or always: true. It doesn't modify other skills or system-wide configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install research-logger-pro - After installation, invoke the skill by name or use
/research-logger-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Auto-saves deep search results to SQLite and Langfuse
Metadata
Frequently Asked Questions
What is Research Logger Pro?
Auto-saves deep search results to SQLite and Langfuse. Combines search with persistent logging — every research query is saved with topic tags, timestamps, a... It is an AI Agent Skill for Claude Code / OpenClaw, with 704 downloads so far.
How do I install Research Logger Pro?
Run "/install research-logger-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Research Logger Pro free?
Yes, Research Logger Pro is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Research Logger Pro support?
Research Logger Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Research Logger Pro?
It is built and maintained by aiwithabidi (@aiwithabidi); the current version is v1.0.0.
More Skills