Skill v0.1.4

ClawScan security

Meyhem Capabilities · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 3:33 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements match its stated purpose: it sends user search queries to api.rhdxm.com and returns ranked capability results; it does not request unrelated credentials or perform unexpected local access.
Guidance
This skill is coherent and small: it simply sends your search query to https://api.rhdxm.com and returns results. Before using or enabling it, remember: (1) any text you send (including code snippets or examples) will be transmitted to that external API—do not include secrets or proprietary content; (2) verify you trust the api.rhdxm.com operator if you care about privacy; (3) you can review the included capabilities.py and the GitHub source to confirm behavior; (4) if you want to prevent the agent from sending queries autonomously, disable or restrict the skill in your agent settings.

Review Dimensions

Purpose & Capability
ok: The name/description claim a search across MCP/OpenClaw capabilities. The files and SKILL.md implement a simple HTTP query to a public API (api.rhdxm.com) and require only python3 — all proportional to the stated purpose.
Instruction Scope
note: SKILL.md and capabilities.py only transmit the user's search query to api.rhdxm.com and print results; they explicitly state they do not read local files or env vars. Be aware that any user-provided text (including secrets) will be sent to the external API.
Install Mechanism
ok: No install spec; one small Python script included. No downloads or archive extraction. Low installation risk.
Credentials
ok: No environment variables, credentials, or config paths requested. The skill does not ask for unrelated secrets or system access.
Persistence & Privilege
ok: always is false, no persistent installation steps, and the skill does not modify other skills or system settings. Agent autonomous invocation is allowed by default (normal behavior).