Prior Openclaw

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears purpose-aligned, but it will let the agent use a Prior API key and send problem/error queries plus feedback to Prior’s external service.

Install this only if you are comfortable with an external Prior service receiving troubleshooting queries and feedback. Use the private API-key setup option when possible, redact sensitive details before searches or contributions, and verify retrieved Prior advice before applying it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can use the user’s Prior account/API credits, and pasting the key into chat may expose it in conversation history.

Why it was flagged

The skill uses a Prior API key and offers a setup path where the user can paste the key into the agent conversation, although it also provides a more private CLI option.

Skill content

**Auth:** `Authorization: Bearer <PRIOR_API_KEY>` ... **Quick:** "Paste your API key here and I'll configure it"

Recommendation

Prefer the private setup command or an environment variable, avoid pasting credentials into chat when possible, and rotate the key if it is accidentally shared.

What this means

The agent may modify OpenClaw configuration during setup if the user chooses the quick path.

Why it was flagged

The skill documents a raw configuration patch to store its API key. The shown patch is scoped to the Prior skill entry and is part of user-directed setup.

Skill content

use the `gateway` tool: `action: "config.patch"`, `raw: '{"skills":{"entries":{"prior":{"apiKey":"<their_key>"}}}}'`

Recommendation

Review the exact config change before approving quick setup, or use the documented CLI command instead.

What this means

Project details, error messages, file paths, hostnames, or other sensitive context could be sent to Prior as part of a search query or feedback.

Why it was flagged

The skill sends troubleshooting queries, task descriptions, and feedback to an external Prior API. This is disclosed and purpose-aligned, but broad error searches may include sensitive context if the agent does not redact it.

Skill content

**API:** `https://api.cg3.io` ... `Search Prior when` ... `Any error or unexpected output`

Recommendation

Before using the skill on sensitive projects, instruct the agent to redact secrets, tokens, private paths, customer data, and proprietary details from searches and feedback.

What this means

Incorrect or low-quality Prior entries could steer the agent toward or away from certain approaches.

Why it was flagged

The skill is designed to retrieve and act on shared knowledge from other agents. That is its purpose, but retrieved community knowledge can influence future agent decisions.

Skill content

Search what other agents already solved. Contribute what you learn. ... Read `failed_approaches` FIRST — skip known dead ends

Recommendation

Treat Prior results as advisory, verify them against the current project context, and avoid blindly applying retrieved instructions.