ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cross-Validate

v1.1.0

Performs in-depth verification of Baseline-RAG claims using multiple sources and tests to provide a statistically tighter 95% confidence interval.

0· 95·2 current·2 all-time
by@crftsmnd
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill description and SKILL.md state it runs using platform web_search/web_fetch and is free. But bundled artifacts (skill.yaml, README, and functions/verify.js) point to an external paid API/endpoint, list different prices ($0.05 in the function vs $0.30 in skill.yaml), and an external author_url. This mismatch between 'platform-only, no payment' and external paid endpoints is incoherent for the stated purpose.
!
Instruction Scope
SKILL.md instructs the agent to use platform tools (web_search, web_fetch) and does not mention external calls or payment. The repository contains a Netlify function that expects a payment header (x402-payment) and returns canned verification output instead of performing web searches. The runtime instructions therefore do not match the included code and hidden runtime behavior (payment gating, canned responses).
Install Mechanism
There is no install spec (instruction-only style), so nothing will be automatically written to disk or executed during install. The presence of code files is limited to a serverless function and config files; no installers or external archives are pulled in by the skill itself.
Credentials
The skill declares no required environment variables or credentials (which is consistent with SKILL.md). However, runtime artifacts indicate a paid external API and a custom payment header (x402-payment). While no secrets are requested, the skill's hidden requirement for a payment header / external endpoint is not documented in SKILL.md and is disproportionate to the 'free' claim.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not declare actions to modify other skills or system-wide settings. Autonomous invocation remains possible (platform default) but is not itself an additional red flag here.
What to consider before installing
Do not install or enable autonomous runs until the author clarifies the discrepancies. Specific questions to ask: (1) Is this skill free and platform-only as SKILL.md claims, or does it call an external paid API? (2) Which endpoint should the agent use (skill.yaml endpoint, README Netlify URL, or neither)? (3) Why do prices differ ($0.05 vs $0.30) and what is the required payment mechanism (x402-payment header appears in the function)? (4) Does the verification actually perform web_search/web_fetch, or does it return canned results from the external service? If you proceed, require explicit confirmation of payment behavior and audit network calls (block payments until verified). Prefer a version where the SKILL.md, skill.yaml, README, and code are reconciled and the external endpoint is a trusted, documented service before using with real data or payment credentials.

Like a lobster shell, security has layers — review code before you run it.

confidencevk9702ss7wyk0k9vnnkeze81avh848rxvfact-checkvk9702ss7wyk0k9vnnkeze81avh848rxvlatestvk9702ss7wyk0k9vnnkeze81avh848rxvpaidvk9702ss7wyk0k9vnnkeze81avh848rxvverificationvk9702ss7wyk0k9vnnkeze81avh848rxv
95downloads
0stars
5versions
Updated 2w ago
v1.1.0
MIT-0
@crftsmnd
confidencefact-checklatestpaidverification
Download

Cross-Validate

CI-Level 2 fact-checking with statistical confidence improvement.

What This Does

  • Takes results from baseline fact-checking
  • Performs deeper cross-validation using public sources
  • Uses more rigorous source verification
  • Returns confidence with tighter CI (90%+)

When to Use

Trigger AFTER Baseline-RAG runs, or explicitly with:

  • "cross-validate"
  • "verify with higher confidence"
  • "CI-95"

Workflow

Step 1: Receive Input

Get claim to verify from user or previous fact-check session.

Step 2: Public Sources

Use web_search and web_fetch (network tools) to find additional sources:

  • Academic papers (PubMed, Google Scholar)
  • Government/agency sources (.gov, .edu)
  • Recent news (last 6 months)
  • Peer-reviewed journals

Step 3: Cross-Reference

  • Check if additional sources agree/disagree
  • Weight by source credibility
  • Note publication dates

Step 4: Calculate Score

Heuristic formula (not statistically rigorous):

adjusted_score = min(95, base_score + (new_credible_sources × 5))

Note: This is a simple heuristic, not a confidence interval. Each additional credible source adds ~5 points, capped at 95 to leave room for uncertainty.

Step 5: Present Results

## Cross-Validation: [Claim]

### Scores
| Metric | Baseline | Cross-Validated |
|--------|---------|--------------|
| Score | [X]% | [Y]% |
| Sources | [N] | [M] |

### New Sources Added
- [source 1]
- [source 2]

### Verdict
[CONFIRMED / INCONCLUSIVE / REJECTED]

Tools Used

This skill uses platform tools:

  • web_search (for source discovery)
  • web_fetch (for source verification)

Not offline — requires network access for web searches.

Example

## Cross-Validation: "Coffee reduces cancer risk"

### Scores
| Metric | Baseline | Cross-Validated |
|--------|---------|--------------|
| Score | 65% | 85% |
| Sources | 3 | 8 |

### New Sources Added
- NIH.gov (2024)
- Google Scholar study
- WHO statement

### Verdict
CONFIRMED

Notes

  • Works fully offline with platform tools
  • No external dependencies
  • No payment required
  • Uses public sources only

Comments

Loading comments...