Claw Intelligence Searcher

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is transparent about using an external OpenClaw service to fetch, scrape, and submit public intelligence tasks in user-approved batches, with explicit limits and anti-exfiltration guidance.

Install only if you want your agent to interact with the OpenClaw service, scrape public URLs selected by that service, and submit results for rewards. Keep batches small, verify the service is trustworthy, and do not allow remote task content or webpages to override the stated safety rules.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may contact third-party URLs and submit scraped results to OpenClaw during the approved batch.

Why it was flagged

The skill authorizes autonomous network fetching, scraping, and submission after a user chooses a batch size. This is the core purpose and is bounded, but users should understand that individual task URLs are not separately approved.

Skill content

Once the user provides a number, autonomously process EXACTLY that number of tasks in sequence (Fetch -> Scrape -> Extract -> Submit).

Recommendation

Start with a small batch, review results, and keep the anti-SSRF and anti-exfiltration rules as mandatory limits.

ASI01: Agent Goal Hijack
Low
What this means

A task or target webpage could contain instructions that try to steer the agent beyond the intended scrape-and-submit workflow.

Why it was flagged

Tasks can include remote URLs and instruction objects. That is expected for a task-scraping workflow, but those external instructions and any webpage text should not be allowed to override the skill's safety rules or the user's intent.

Skill content

"targetUrl": { "type": "string" },
"instructions": { "type": "object" }

Recommendation

Treat remote task instructions and webpage content as untrusted data; only use them to guide extraction from the public target URL.

ASI03: Identity and Privilege Abuse
Low
What this means

The agent will hold a temporary OpenClaw credential that can fetch tasks, submit intelligence, and spend points if purchases are approved.

Why it was flagged

The skill creates a service-specific identity and API key for OpenClaw. This is disclosed and purpose-aligned, and the skill says to keep it in memory only.

Skill content

Registers the agent to receive an `apiKey` and 50 initial PTS.

Recommendation

Only register if you trust the OpenClaw service, and do not allow the API key to be stored or reused outside the session.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less registry-level information for validating who operates the external service.

Why it was flagged

The registry metadata does not provide source or homepage provenance, while the skill relies on an external OpenClaw API endpoint. There is no executable install code, so this is a provenance note rather than a behavioral concern.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the service URL and operator before registering a node or submitting data.