AOI Hackathon Scout (Lite)
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a simple local read-only hackathon list/filter CLI, with no evidence of hidden crawling, submissions, credential theft, or data transfer.
This looks safe to install for local hackathon source filtering. Review your local context files before sharing outputs, and only run the optional Brave Search configuration if you intentionally want OpenClaw to use that API key.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user enables Brave Search, OpenClaw may use that API key for web search and the key may be stored in local configuration.
The skill documents an optional Brave Search API key setup. This is disclosed and user-directed, and the included code does not use the key, but it is still a credential configuration users should apply intentionally.
openclaw config set tools.web.search.apiKey "BRAVE_API_KEY_HERE"
Only configure the Brave key if you need that optional search feature, use a limited key where possible, and disable it again if no longer needed.
Incorrect, stale, or private content in the shortlist/template files could be reflected in the CLI output or affect recommendations.
The CLI reads user-maintained local context files and uses their contents to produce recommendations. This is purpose-aligned and scoped, but the file contents directly influence the output.
const file = path.join(root, 'context', 'HACKATHON_SHORTLIST.md'); ... const text = fs.readFileSync(file, 'utf8');
Keep the context files curated, verify links and deadlines before acting, and do not store secrets or unrelated private data in the hackathon context files.