moss
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a documentation-only Moss semantic search reference; it describes expected credentials, indexing, cloud sync, and deletion capabilities, but shows no hidden execution or deceptive behavior.
This skill appears safe as a documentation reference. Before using the Moss APIs it describes, make sure you understand where indexed documents are stored, whether cloud sync is enabled, how project keys are protected, and when delete operations should require confirmation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent follows these API capabilities without care, Moss indexes or documents could be removed.
The documented API includes data-deleting actions. They are purpose-aligned for document lifecycle management, but users should treat them as high-impact operations if implementing the API.
`deleteIndex` - Remove index and assets; `deleteDocs` - Remove documents by ID
Use deletion operations only with explicit user intent, clear target IDs, and preferably confirmation or backups.
A Moss project key may allow access to project indexes and document operations, depending on Moss permissions.
The documentation requires Moss project credentials to access the service. This is expected for the described API integration and there is no evidence of credential logging, hardcoding, or unrelated use.
SDK requires project credentials: `MOSS_PROJECT_ID` ... `MOSS_PROJECT_KEY`
Use least-privilege project keys where available, avoid sharing keys in prompts or logs, and rotate keys if exposed.
Private or sensitive documents placed in an index could later be retrieved into model context or synced to cloud storage if enabled.
The documented workflows involve persistent searchable indexes, optional cloud synchronization, and automatic context injection. These are core to semantic search/RAG, but users should understand what data is stored and reused.
The platform handles embedding generation, index persistence, and optional cloud sync ... On each user message, automatically query Moss for relevant context ... Inject search results into LLM context
Index only appropriate data, define retention and sync settings, and validate retrieved context before using it for sensitive decisions.