Clarity Variant
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to be a read-only Clarity Protocol lookup tool, with minor notes around optional API-key use, external AI-generated content, and incomplete provenance/install metadata.
This appears safe for read-only Clarity Protocol lookups. Before installing, be aware that it contacts clarityprotocol.io, may use a CLARITY_API_KEY if you set one, and returns external AI-generated biomedical analysis that should be verified rather than blindly trusted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you set CLARITY_API_KEY, the skill can use that Clarity account/key for requests and rate limits.
The skill optionally reads a Clarity API key from the environment and sends it as an API header to the Clarity endpoint. This is disclosed and purpose-aligned, but it is still credential use.
API_BASE = "https://clarityprotocol.io/api/v1" ... api_key = os.environ.get("CLARITY_API_KEY") ... headers["X-API-Key"] = api_key
Use only a Clarity-specific key, avoid sharing the key in logs or prompts, and rotate it if you suspect exposure.
External annotations or summaries could be inaccurate or contain text that should not be treated as instructions to the agent.
The skill intentionally retrieves external AI-generated summaries, findings, and annotations that may be placed into the agent's context or shown to the user.
including AlphaFold structural data, AI-generated summaries, agent findings, and agent annotations
Treat returned summaries and annotations as untrusted reference data; verify important claims with primary sources and do not let retrieved text override your actual task.
It may be harder to verify that this package was published by the expected Clarity Protocol source.
Registry-level provenance metadata is incomplete even though the SKILL.md claims a Clarity Protocol homepage and the package includes runnable scripts.
Source: unknown; Homepage: none
Review the bundled scripts before use and verify the service/domain and publisher identity if provenance matters to your workflow.
