Clawhub Skill

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent claim-checking skill, but it sends claim text to an external service and references an optional unreviewed MCP npm package.

This skill appears safe to install as an instruction-only external verification helper if you are comfortable sending claim text to its provider. Avoid using it for confidential facts, review the service's privacy practices, and treat the optional MCP npm install and paid x402 usage as separate trust decisions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive claim text could leave the user's agent and be processed or aggregated by the external service.

Why it was flagged

The skill's core use sends the claim text to an external provider, and the trending feature indicates submitted or queried claims may be tracked or aggregated.

Skill content

curl -X POST https://636865636b73756d.com/v1/verify ... -d '{"claim": "The USD to EUR exchange rate is 0.92"}' ... Get the top 100 most-queried claims in the last 24 hours

Recommendation

Use this skill for non-sensitive claims unless you have reviewed and trust the provider's privacy, retention, and data-use practices.

What this means

If a user chooses to install the optional MCP package, they would be trusting additional external code not reviewed here.

Why it was flagged

Although the skill itself has no install spec or code, the documentation points to a global npm package whose contents were not included in the reviewed artifacts.

Skill content

MCP server: `npm install -g @636865636b73756d/mcp-v1`

Recommendation

Do not install the optional MCP package unless needed; inspect its package source, publisher, permissions, and lifecycle scripts first.