Pallio AI
PassAudited by ClawScan on May 1, 2026.
Overview
This is a transparent instruction-only connector to Pallio’s chat API; the main consideration is that user questions and chat history are sent to Pallio.
This skill appears coherent and purpose-aligned. Before installing, understand that it connects to pallioai.com and sends your chat questions and conversation history there; avoid including secrets or sensitive personal information unless you trust that service.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Questions and prior conversation context may be transmitted to Pallio when using the skill.
The skill sends the user's message and conversation history to Pallio's external chat endpoint, which is expected for the service but means chat content leaves the local environment.
curl -s -X POST "https://pallioai.com/api/widget/chat" ... "message": "What topics do you cover?", "history": []
Avoid sending secrets or highly sensitive information unless you are comfortable with Pallio handling that content.
The active Pallio chat session depends on a temporary token that should not be exposed unnecessarily.
The skill uses a short-lived widget session token for subsequent requests. This is purpose-aligned and scoped to the chat session, but users should recognize it as session authorization material.
`token` — Session token (valid for 2 hours). Store this for all subsequent messages.
Treat the session token as temporary private session data and do not paste it into unrelated tools or conversations.