Siphonclaw Skill
Warn. Audited by ClawScan on May 10, 2026.
Overview
SiphonClaw has a coherent document-search purpose, but it asks for broad document indexing and persistent reuse while relying on external code and integrations that are not clearly bounded in the reviewed artifacts.
Install only if you are comfortable auditing the external GitHub project yourself. Before use, restrict ingestion to specific folders, avoid sensitive documents until deletion and retention behavior is clear, use scoped API keys, and do not expose Telegram, email, SSE, or API access without strong authentication.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could ingest and index sensitive local or shared documents if it is given, infers, or is mistakenly supplied a broad path.
The ingestion tool is documented as accepting arbitrary absolute file paths, and the artifacts do not specify path allowlists, user confirmation requirements, or exclusions before indexing local files.
`file_path` | string | yes | Absolute path to the file to ingest
Require explicit user approval for each ingest path, restrict ingestion to user-selected directories, add exclusions for sensitive locations, and provide a dry-run list before indexing.
Private documents, photos, spreadsheets, or repair notes may become long-lived searchable memory and may influence future answers, including when the captured notes are inaccurate or sensitive.
The skill is designed to persist indexed document content and field captures for future retrieval, but the artifacts do not define retention, deletion, access controls, review workflows, or limits on what content should be indexed.
Ingest PDFs, images, and spreadsheets into a searchable knowledge base with dual-track retrieval (text + visual), OCR, confidence scoring, and field capture.
Document where indexes are stored, how to delete them, what paths are excluded, how field notes are reviewed, and when stored content may be reused across tasks or users.
Users would be running unreviewed external code to handle documents, credentials, and MCP tools, so the clean scan of this registry package does not verify the actual implementation.
The reviewed package is instruction-only, but setup depends on external repository code and requirements that are not included in the registry artifact or static scan.
git clone https://github.com/curtisgc1/siphonclaw.git
cd siphonclaw
pip install -r requirements.txt
Publish the reviewed implementation with the skill, add an install spec, pin dependencies, provide hashes or releases, and ensure the registry metadata points to the exact audited source.
If configured, these credentials can grant access to model providers, messaging channels, email pipelines, or paid search APIs.
The README describes API keys and bot/email/search tokens even though registry metadata lists no required environment variables or primary credential.
OPENROUTER_API_KEY=sk-or-v1-xxxxx
...
TELEGRAM_BOT_TOKEN=your-bot-token
...
AGENTMAIL_API_KEY=your-agentmail-key
...
BRAVE_SEARCH_API_KEY=BSA-xxxxx
Use least-privilege keys, set spending limits, avoid sharing tokens with unrelated workflows, and declare all supported credentials in the skill metadata.
Sensitive indexed knowledge could be exposed through bot, email, API, or MCP interfaces if access controls are weak or misconfigured.
The artifacts describe remote and multi-client access paths to the knowledge base but do not document authentication, user identity boundaries, authorization, or data exposure controls for those channels.
Access from anywhere -- Telegram bot, email pipeline, CLI, or Python API
Document authentication and authorization for every access channel, bind local servers safely by default, and require explicit opt-in before exposing the knowledge base over networked interfaces.
