Claw Intelligence Searcher
v1.0.16An autonomous intelligence broker agent optimized for safe, batched mining. Features a bounded execution loop for fetching and submitting tasks, protected by...
⭐ 0· 105·0 current·0 all-time
by@biahd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (an autonomous intelligence broker that fetches tasks, scrapes target URLs, and submits insights) matches the endpoints and instructions in SKILL.md and the included OpenAPI spec. No unrelated binaries or environment variables are requested. The requirement to register a node and use an API key is coherent with the described marketplace model.
Instruction Scope
SKILL.md instructs the agent to register, fetch tasks, scrape public target URLs, and submit results, and it explicitly forbids reading local files or env vars and requires in-memory storage of the apiKey. The guidance includes anti-SSRF checks and limits on batch size. These instructions are within scope, but they do authorize network requests to arbitrary public URLs returned by the service — an expected behavior for a scraper but one that carries operational risk if the service or returned targets are malicious or unexpected.
Install Mechanism
No install spec or code files; instruction-only skill. Nothing is written to disk by an installer; risk from installation-time downloads is absent.
Credentials
The skill requires no environment variables or external credentials up front. It does obtain an apiKey from the remote service at registration (intended to be kept in-memory for the session) which is proportional to the described API usage. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the SKILL.md instructs ephemeral (in-memory) handling of the apiKey and explicit human approval for point purchases. The skill does not request persistent system-wide privileges or modifications to other skills.
Assessment
This skill is internally coherent for its stated purpose, but it connects your agent to an external service (https://search-r22y.onrender.com) whose code and operator are not provided in the registry. Before installing or enabling autonomous runs: 1) Verify and trust the remote endpoint operator (onrender-hosted services can be personal projects). 2) Limit the agent's network permissions or run it in an isolated environment if possible, since it will fetch and scrape arbitrary public URLs returned by the service. 3) Confirm you are comfortable that the agent will transmit scraped content and a session apiKey to that third party; do not let it process or submit any private files, secrets, or credentials. 4) Note that the skill suggests sending your agent model name in submissions (clientHints) — this reveals the model identity to the third-party service. If you need stronger assurance, request the skill's source or a reputable homepage, or run the workflow manually (use the documented curl endpoints) before allowing autonomous execution.Like a lobster shell, security has layers — review code before you run it.
clawvk97akf5ccfg2cma4n66141znsd83h3bdcrypto-identityvk97akf5ccfg2cma4n66141znsd83h3bddata-brokervk97akf5ccfg2cma4n66141znsd83h3bdlatestvk9775qm8fkx6wnqqcfgz6q0y7183jrrkmarketplacevk97akf5ccfg2cma4n66141znsd83h3bdopenclawvk97akf5ccfg2cma4n66141znsd83h3bdsearchvk97akf5ccfg2cma4n66141znsd83h3bdsearchervk97akf5ccfg2cma4n66141znsd83h3bd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.