Grok Research
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it says: send the user’s crypto research query to a hardcoded Grok-compatible API, using an API key from the environment.
This skill looks straightforward and purpose-aligned. Before installing, verify that you trust the hardcoded API endpoint https://ai.a9.bot/v1, provide only an API key you are comfortable using for this service, and avoid sending secrets or private information in research queries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide an API key, and that key authorizes calls to the configured model API.
The skill uses an environment API key as a Bearer token for the external service. This is purpose-aligned, but it is credential use that users should recognize before installing.
const key = process.env.A9_GROK_API_KEY; ... Authorization: `Bearer ${getApiKey()}`Use a dedicated, least-privileged API key if available, and confirm that https://ai.a9.bot/v1 is the provider endpoint you intend to trust.
The text of the user’s research request is transmitted to an external API and its response is forwarded back.
The skill sends the user’s original query to an external model provider. This is disclosed and central to the skill, but users should avoid including secrets or private data in research queries.
Forward user's research query directly to Grok API. No extra prompts — what the user says is exactly what Grok receives.
Do not include private keys, credentials, unpublished trading plans, or other sensitive information in queries sent through this skill.
The skill may not run unless Bun is already installed, and the registry metadata may not fully describe the runtime prerequisite.
The usage documentation requires Bun, while the supplied metadata declares no required binaries and there is no install spec. This is a metadata/runtime declaration gap, not evidence of malicious behavior.
bun run grok-research.ts <query>
Confirm Bun is available in the intended environment and consider updating metadata to declare the runtime and required A9_GROK_API_KEY.