Truthcheck
v0.4.4
Verify claims, fact-check content, check URL trustworthiness, and trace claims to their origin using the TruthCheck CLI. Use when: (1) user asks to fact-chec...
by Xiaobing Li @baiyishr
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with requirements: the skill simply wraps a truthcheck CLI. It requires the 'truthcheck' binary and optionally LLM/search API keys, all of which are coherent with fact-checking functionality.
Instruction Scope
SKILL.md confines runtime behavior to invoking the truthcheck CLI and using files/URLs provided by the user. It does not instruct reading unrelated system files. One claim — that API keys are 'never sent to any external service' — is a statement about behavior that cannot be confirmed from these instructions and could be misleading depending on how the CLI implements provider calls.
Install Mechanism
No install spec in the skill bundle (instruction-only). Installation instructions point to pip (pip install truthcheck) or an npx-based installer; these are standard package installation methods and not inherently suspicious.
Credentials
Declared env vars (GEMINI_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, BRAVE_API_KEY) are directly relevant to optional LLM or search integrations. No unrelated credentials or system config paths are requested.
Persistence & Privilege
Skill does not request persistent/system-wide privileges, always:false, no config paths, and is user-invocable. It does not instruct modifying other skills or global agent settings.
Assessment
This skill is an instruction-only wrapper that calls an external truthcheck CLI. Before installing or running it:
1) Confirm the origin of the 'truthcheck' package (inspect the pip package or source repository) — the skill bundle contains no code to review.
2) Understand that providing LLM/search API keys grants the CLI access to those services and could incur charges; prefer local models (e.g., --llm ollama) if you want to avoid sending data to third parties.
3) Treat the SKILL.md statement that keys are 'never sent to any external service' as unverifiable here — if this matters, audit the truthcheck package source or monitor network calls.
4) Note a minor metadata inconsistency: bundled _meta.json reports version 0.4.0 while registry metadata lists 0.4.4 — consider confirming you have the intended release.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔍 Clawdis
Bins: truthcheck
