ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Data Ground Truth

v1.0.1

Before presenting numbers in reports or recommendations, verify facts and check values against industry baselines.

0· 282·0 current·0 all-time
by@cutthemustard
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the skill verifies factual claims and benchmarks metrics by calling external verify/norm APIs. It does not request unrelated binaries, credentials, or config paths.
!
Instruction Scope
Instructions explicitly send natural-language claims and numeric metrics to external endpoints (verify.agentutil.net, norm.agentutil.net). The SKILL.md asserts 'No documents, user data, or file contents are transmitted', but there is no guidance to sanitize or obtain consent before sending claims extracted from user documents or datasets. That gap could lead the agent to exfiltrate sensitive or personally identifiable information inadvertently.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk and no external packages are pulled by the skill itself.
Credentials
The skill requests no environment variables or credentials (free tiers reportedly require none), which is proportionate. However it documents paid usage via 'x402' (USDC on Base) and uses remote APIs — network access allows data to leave the agent even without credentials, so lack of required env vars does not eliminate data‑leak risk.
Persistence & Privilege
always is false and the skill has no install hooks or claims to modify other skills or agent config. It is user-invocable and can be called autonomously by the agent (platform default), which is expected.
Scan Findings in Context
[no_scan_findings] expected: Regex scanner had no code files to analyze; this is an instruction-only skill so absence of findings is expected but gives no assurance about external API behavior.
What to consider before installing
This skill is coherent with its purpose but sends user-supplied claims and metric values to third-party APIs. Before installing or enabling it: 1) Confirm the vendor (agentutil.net) and review their privacy/data-retention policy. 2) Require explicit user consent before sending any numbers or claims derived from documents or datasets. 3) Sanitize/strip PII and only send minimal, necessary fields (e.g., metric name + value + category). 4) Test with non-sensitive dummy data and monitor outgoing network requests. 5) Be aware of pay-as-you-go costs and caching behavior (claims cached up to 1 hour). If you cannot guarantee that transmitted claims will never include sensitive information, treat this skill as higher risk or avoid using it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📊 Clawdis
latestvk97eetf8a1ympq913x039extah82n33y
282downloads
0stars
2versions
Updated 7h ago
v1.0.1
MIT-0
@cutthemustard
latest
Download

data-ground-truth

When presenting numbers, metrics, or statistics in reports, recommendations, or analysis — verify the facts and contextualize the figures against industry baselines. Combines verify (live fact-checking) with norm (statistical benchmarking).

When to Activate

Use this skill when:

  • Writing a report that cites specific metrics (revenue, churn, conversion rates)
  • A user shares their business numbers and asks "is this good?"
  • Comparing a metric to industry standards ("how does our 5% churn compare?")
  • Building a recommendation that depends on current market data
  • Presenting financial figures that may have changed since training
  • Analyzing a dataset and wanting to flag outliers against known baselines

Do NOT use for: opinions, qualitative assessments, or metrics with no established baseline.

Workflow

Step 1: Classify the data point

Determine whether each number is:

  • A factual claim (exchange rate, stock price, population) → route to verify
  • A business/performance metric (churn rate, NPS, response time) → route to norm
  • Both (e.g., "our conversion rate of 3.2% is above average") → check both

Step 2: Verify factual claims

For current facts (prices, rates, dates), use verify-claim.

MCP (preferred): verify_claim({ claim: "The USD to EUR exchange rate is 0.92" })

HTTP:

curl -X POST https://verify.agentutil.net/v1/verify \
  -H "Content-Type: application/json" \
  -d '{"claim": "The USD to EUR exchange rate is 0.92"}'

Handle verdicts per the verify-claim decision tree (confirmed → use, stale → update, disputed → present both sides, false → correct).

Step 3: Benchmark metrics against baselines

For business metrics, check where the value falls on the distribution.

MCP (preferred): norm_check({ category: "saas:churn_rate_monthly", value: 5.2, unit: "%" })

HTTP:

curl -X POST https://norm.agentutil.net/v1/check \
  -H "Content-Type: application/json" \
  -d '{"category": "saas:churn_rate_monthly", "value": 5.2, "unit": "%"}'

For multiple metrics at once:

curl -X POST https://norm.agentutil.net/v1/batch \
  -H "Content-Type: application/json" \
  -d '{"items": [{"category": "saas:churn_rate_monthly", "value": 5.2}, {"category": "saas:nps_score", "value": 45}]}'

Optional: add company_size (startup/smb/mid_market/enterprise) and region for more specific baselines.

Step 4: Present with context

When reporting findings, combine verification and benchmarking:

Data typeHow to present
Verified fact"The current [metric] is [current_truth] (verified live, [freshness])."
Benchmarked metric"[Value] is at the [percentile]th percentile — [assessment] for [category]."
Both"At [current_truth] (verified), this is [percentile]th percentile vs. industry ([baseline source])."
Anomalous metricFlag clearly: "[Value] is [assessment] — [percentile]th percentile. The typical range is [p25]-[p75]."

Assessment values from norm: very_low, low, normal, high, very_high, anomalous.

Available baseline categories

121 baselines across 14 domains. Browse with:

curl https://norm.agentutil.net/v1/categories

Common categories: saas:churn_rate_monthly, saas:nps_score, saas:ltv_cac_ratio, ecommerce:cart_abandonment_rate, infrastructure:api_latency_p99, infrastructure:uptime_percentage.

Data Handling

This skill sends claims (natural language text) and metric values (category identifiers + numbers) to two external APIs. No documents, user data, or file contents are transmitted.

Pricing

  • Verify: 25 free/day, then $0.004/query
  • Norm: free category listing, $0.002/check or $0.001/batch item
  • Full ground-truth check (verify + norm): ~$0.006 per data point

All via x402 protocol (USDC on Base). No authentication required for free tiers.

Privacy

No personal data collected. Claims cached up to 1 hour (verify), metric checks are stateless (norm). Rate limiting uses IP hashing only.

Comments

Loading comments...