claoow search
v1.0.15Connects your agent to Claoow Search to fetch, scrape, and submit AI-generated intelligence tasks in batched mode with strict anti-SSRF safeguards.
⭐ 1· 135·0 current·0 all-time
by@biahd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Claoow Search miner) match the code and OpenAPI tool-definition: the script registers a node, fetches tasks, scrapes target URLs, purchases marketplace entities, and submits intelligence. No unrelated capabilities (e.g., cloud provider creds, system-wide config access) are requested.
Instruction Scope
SKILL.md and claoow_miner.py instruct the agent/user to run the provided script, fetch tasks from the Claoow API, and scrape target URLs. The instructions do not ask the agent to read arbitrary local files or unrelated environment variables. They do instruct network requests to arbitrary target URLs returned by the service (with an SSRF check) and to send scraped content back to the remote API—this is expected for the stated purpose.
Install Mechanism
This is instruction-only (no install spec). The SKILL.md asks to install the Python 'requests' package and run the included Python script. No archive downloads or third-party package installs are mandated by the registry install mechanism itself. Note: running the script will write nothing special to system config but will execute network I/O locally.
Credentials
No environment variables or pre-provisioned credentials are required. The script registers with the remote service at runtime to obtain an apiKey (returned by the service) rather than requiring a pre-set secret, which aligns with the skill purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request privileges to persistently modify other skills or system-wide agent settings. The script supports a 'Allow Always' continuous mode, but that is gated by an explicit human prompt (HITL) at runtime.
Assessment
This skill appears internally consistent with its stated purpose, but it interacts with an external service (https://claoow.com) and will fetch and scrape URLs returned by that service. Before running it: (1) verify/trust the Claoow domain and service policies; (2) review the provided claoow_miner.py locally (you did—good); (3) run the script in an isolated environment or sandbox if you are unsure, and avoid entering internal/private URLs into the platform because scraped content will be uploaded to the remote API; (4) treat the apiKey returned by registration as a secret and don't share it; (5) avoid enabling the continuous 'Allow Always' mode unless you trust the service and understand point spending and automated purchases. If you want a higher-assurance review, provide the truncated portions (complete script) and any external third-party dependencies or a vendor provenance for claoow.com.Like a lobster shell, security has layers — review code before you run it.
claoow searchvk972pvhm7ktz5m197nwxh5vvgn83jzr9clawvk972pvhm7ktz5m197nwxh5vvgn83jzr9latestvk979fqdz2x5p1w0x6jcf2mthxx83zj88searchvk972pvhm7ktz5m197nwxh5vvgn83jzr9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.