Clawapi Skill

The skill's declared purpose and required credential (CLAWAPI_KEY) match its instructions, but the SKILL.md contains detected prompt‑injection traces (unicode control characters) and marketing claims that merit caution before installing or providing a key.

Proceed cautiously. Verify the CLAWAPI_KEY only comes from a trusted ClawAPI account (don’t paste keys from unknown sources). Manually inspect the SKILL.md for hidden/invisible characters and for any hidden instructions. Treat marketing claims (no KYC, huge free tokens) skeptically and confirm them with the provider. If you decide to try it, create a limited-scope or test key, run the skill in a sandboxed environment, monitor network usage, and be prepared to revoke the key quickly if unexpected activity occurs. If you need higher assurance, request source code or an official vetted integration before providing secrets.