ClawHub
Back to skill
v1.0.4

Octen Search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:10 AM.

Analysis

This is a coherent web search skill that uses an Octen API key and sends search queries to Octen as disclosed.

GuidanceThis skill appears safe for its stated purpose. Before installing, make sure you are comfortable providing an Octen API key and sending search queries to Octen; avoid using it for confidential or secret information unless that data sharing is acceptable.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
scripts/search.py
api_key = os.environ.get('OCTEN_API_KEY', '').strip() ... 'X-Api-Key': api_key

The skill reads a local API credential and uses it to authenticate requests to Octen; this is disclosed and expected for the search service.

User impactAnyone using the skill needs to provide an Octen API key, which may allow API usage or billing under that account.
RecommendationUse a scoped Octen API key if available, keep it out of logs and shared environments, and rotate it if it is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
scripts/search.py
ALLOWED_API_ENDPOINT = "https://api.octen.ai/search" ... body = { 'query': query, 'count': max(1, min(count, 20)) } ... data=json.dumps(body).encode('utf-8')

The user-provided search query and filters are sent to an external Octen API endpoint; the endpoint is hardcoded and disclosed.

User impactSearch terms may reveal sensitive topics or information to the Octen service.
RecommendationAvoid putting secrets, private customer data, or confidential internal details into search queries unless sending them to Octen is acceptable.