Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sift

v2.3.0

Web search, research synthesis, fact verification, and entity extraction. The system's general research engine. Use for topic research, web lookups, fact-che...

by Indigo Karasu (@indigokarasu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (web research, synthesis, fact verification, entity extraction) aligns with the declared optional credentials (Brave, Exa, Tavily) and with the filesystem reads/writes (journals, data, Elephas intake). Reading Thread/Chronicle context and using tiered search providers is consistent with the research functionality.
!
Instruction Scope
Runtime instructions ask the agent to persist sessions, write journals, and emit Signal files to ~/openclaw/db/ocas-elephas/intake/ for entity promotion — behavior that will make researched data persistent and hand it off to another skill (Elephas). The instructions also mention reading conversation context, Chronicle, and potentially geolocation from other components; those data sources are not listed as explicit credentials but the skill will consume contextual/system data if available. The SKILL.md also instructs self-update behavior (pull latest from GitHub) and README claims registering a midnight cron for automatic updates — these are side effects beyond pure query/lookup work and expand runtime scope.
!
Install Mechanism
There is no formal install spec in the registry, but SKILL.md and README include an 'openclaw skill install https://github.com/indigokarasu/sift' line and describe automatic self-updates via a cron job. The registry provides no packaged install instructions or vetted release URL; self-update/auto-install behavior implies fetching code from GitHub at runtime, which increases risk and is not fully declared in the registry metadata.
Credentials
The skill lists optional API keys for the search/semantic providers (brave_search_api_key, exa_api_key, tavily_api_key) which are proportional to its function. No unrelated secrets are requested. However, it will write extracted entities and decisions to local intake/journal paths — this may surface or persist sensitive content into the system knowledge pipeline (Elephas/Chronicle), so users should consider whether that data flow is acceptable.
!
Persistence & Privilege
Although always:false, the skill claims to register a daily 'sift:update' cron job and to persist session/journal/entity files under the user's home directory. Scheduled self-updates and persistent writing into shared intake directories represent lasting changes and a broader blast radius (automatic downloads, ongoing background behavior, and cross-skill data flows). These persistent actions are not fully explicit in the registry install metadata.
What to consider before installing

- Data persistence: Sift will write journals, session data, and Signal files to ~/openclaw/... and will emit extracted entities to the Elephas intake; reviewed or sensitive queries can become persistent artifacts and may be promoted into a shared knowledge graph. If you handle sensitive data, decide whether to allow these write locations or to restrict them.
- Self-update behavior: SKILL.md/README describe automatic self-updates and a cron job that pulls from GitHub. The registry has no formal install package; that means the skill expects to fetch code externally at runtime. Ask whether you want a skill that can download and update itself automatically — this increases risk and you should review the upstream GitHub repo before enabling.
- External network calls: The skill will call free search providers (Brave/DuckDuckGo/SearXNG) and optional paid semantic providers (Exa/Tavily). Optional API keys are reasonable for this purpose; provide only keys you trust. If you prefer offline or air-gapped usage, do not supply provider keys and limit external tiers.
- Cross-skill interactions: Sift writes to Elephas intake and may read Thread/Chronicle context. Confirm you trust those other skills and that their intake/promotion behavior is acceptable.
- Checklist before install: inspect the upstream GitHub repository referenced in SKILL.md, confirm you accept automatic writes to ~/openclaw paths, decide whether to allow cron-based self-updates, and restrict or withhold API keys if you want to limit external queries.

Because of the undeclared self-update/cron behavior and persistent cross-skill writes, this skill is coherent with its purpose but carries non-trivial persistence and remote-fetch risks — review the upstream source and decide whether to disable auto-updates or restrict filesystem paths before enabling.

Like a lobster shell, security has layers — review code before you run it.
