Skill v0.6.1

ClawScan security

Prior Openclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 10, 2026, 3:49 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (searching a shared knowledge base) matches its behavior, but there are inconsistencies in the registry metadata and the instructions ask the agent to accept and store a secret API key into agent config (including a 'paste the key here' flow), which is sensitive and worth reviewing before install.
Guidance
This skill appears to be the integration it claims, but pay attention to secrets handling before installing:
- Do not paste your PRIOR_API_KEY into a chat unless you trust the skill and the environment; prefer setting it via your shell environment (PRIOR_API_KEY) or the openclaw CLI (openclaw config set ...) yourself.
- Clarify the registry mismatch: confirm whether the skill actually requires PRIOR_API_KEY and whether it will auto-store that key in OpenClaw config (skills.entries.prior.apiKey).
- Understand where the key will be stored (~/.prior/config.json vs OpenClaw config) and who/what can read skills.entries.* in your environment; if uncertain, rotate the key after testing.
- Review Prior's privacy/security docs (https://prior.cg3.io) and consider creating a limited-scope API key if supported.
Proceed only if you are comfortable with the skill storing its API key in your agent config or can set the key yourself outside the chat.

Review Dimensions

Purpose & Capability
note: The skill is a knowledge-search integration (Prior) and requests a PRIOR_API_KEY and a config path (~/.prior/config.json), which is coherent with its stated purpose. However, the registry metadata at the top of the report listed no required env vars while SKILL.md metadata declares PRIOR_API_KEY required — an inconsistency that should be clarified.
Instruction Scope
concern: SKILL.md instructs the agent to perform network calls to api.cg3.io using Authorization: Bearer <PRIOR_API_KEY>, and to offer a 'Quick' setup in which the user pastes their API key into the conversation and the agent uses a gateway action (config.patch) to write the key to skills.entries.prior.apiKey. Asking the agent to accept a secret from the user in-chat and persist it into agent configuration increases the risk of exposure. Otherwise the instructions do not request unrelated files or credentials.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no bundled code — lowest install risk. All API calls are performed via node -e helper patterns (no downloads or third-party installers).
Credentials
concern: Requiring a single service API key (PRIOR_API_KEY) is proportionate to a third-party search integration. The concern is behavioral: the SKILL.md encourages users to paste the API key into chat for the agent to store, and suggests writing the key into OpenClaw config (skills.entries.prior.apiKey), which can broaden who/what can read it. Also the top-level registry metadata omitted the required env var, an inconsistency that should be resolved.
Persistence & Privilege
note: The skill does not request always:true and does not contain other elevated flags. It does instruct the agent to modify the agent's config to store its API key (either via gateway config.patch or openclaw CLI). Writing its own config entry is a common pattern for zero-setup, but it is a privileged operation with persistence implications (stored secrets may be accessible to other skills or processes).