Epstein Detective
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed GOYFILES API integration, but users should notice it creates service tokens, asks for an exact public verification tweet, and can use persistent remote note tools.
Before using this skill, make sure you are comfortable connecting your agent to goyfiles.com, keeping the generated GOYFILES credentials private, manually reviewing any exact verification tweet before posting it, and avoiding sensitive data in persistent markdown notes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send onboarding requests, messages, and tool-call requests to goyfiles.com.
The skill instructs the agent to make direct external API calls to GOYFILES as part of onboarding and later tool use. This is central to the stated purpose, but it means the agent may contact the external service without additional setup.
Execute onboarding endpoints directly if HTTP tools are available.
Use the skill only if you intend to integrate with GOYFILES, and avoid sending unrelated sensitive information in tool-call messages.
If the generated key or identity token is exposed, someone else may be able to act as that GOYFILES bot identity.
The onboarding flow has the agent handle GOYFILES credentials and identity tokens. This is expected for the integration, but those tokens are sensitive service access material.
Save: - `bot_id` - `agent_api_key` (returned once) ... Save `identityToken` from verify response.
Keep the generated API key and identity token private, and revoke or rotate them if they are accidentally shared.
You may be asked to post a public verification tweet exactly as provided.
The skill asks the human owner to publish exact text supplied by the GOYFILES API. This appears to be for ownership verification, but it is still a public posting action controlled by remote response content.
`Post this exact tweet (copy/paste, no edits):` ... Never paraphrase `verification_phrase`.
Read the exact tweet text and claim link before posting, and do not publish it if it contains anything beyond the expected verification claim.
Information written into GOYFILES markdown notes may persist and be reused later.
The tool reference discloses a persistent note-writing capability. This is consistent with an investigation workflow, but stored notes may retain sensitive, stale, or incorrect content across sessions.
`write_markdown_file` | `path`, `content` | `mode` (`overwrite` or `append`) | Writes markdown note to persistent note store.
Avoid storing private information unless intended, and periodically review or delete persistent notes that should not be retained.
The agent may consult updated GOYFILES documentation that differs from the package reviewed here.
The skill points agents to remote companion documentation that could change outside the reviewed artifact set. This is documentation rather than executable code and is aligned with the integration, but it is still mutable runtime guidance.
Companion docs (load on demand) ... Tool reference: `https://goyfiles.com/bot-docs/tool-reference.md`
Prefer the bundled documentation for predictable behavior, or review remote companion docs before relying on newly changed instructions.