Alchemyst MCP Skill
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved through this skill may remain available in future sessions and could affect later answers.
The skill intentionally creates persistent external memory. This is purpose-aligned, but persisted documents, conversations, or instructions can contain sensitive data or later influence agent behavior.
It stores documents, conversations, and structured knowledge externally so they can be retrieved on demand — across sessions, tools, and environments.
Only store information you are allowed to persist with Alchemyst, avoid secrets unless approved, and treat retrieved instructions as contextual rather than automatically authoritative.
Anyone with the configured API key may be able to access or modify the associated Alchemyst context data.
The API key requirement is expected for an Alchemyst integration, but it grants access to the user's Alchemyst context store and is not reflected in the registry's primary credential declaration.
Authentication is done via a Bearer token (your Alchemyst API key) passed as a request header.
Store the API key in a secrets manager or environment variable, do not commit it, and rotate it if it may have been exposed.
Users have less registry-provided information for verifying who maintains the integration or reviewing provider provenance.
The skill relies on a remote MCP provider but the registry metadata does not provide a source repository or homepage for independent provenance review.
Source: unknown; Homepage: none
Verify the Alchemyst endpoint and account setup through trusted Alchemyst documentation before adding the API key.