Pallio AI
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: pallio
Version: 1.0.0
The 'pallio' skill provides standard instructions for an AI agent to interact with the Pallio AI RAG service via its public widget API (pallioai.com). It uses curl to initialize sessions and send chat messages, requires only a non-sensitive persona ID environment variable, and contains no evidence of data exfiltration, malicious execution, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Questions and prior conversation context may be transmitted to Pallio when using the skill.
The skill sends the user's message and conversation history to Pallio's external chat endpoint, which is expected for the service but means chat content leaves the local environment.
curl -s -X POST "https://pallioai.com/api/widget/chat" ... "message": "What topics do you cover?", "history": []
Avoid sending secrets or highly sensitive information unless you are comfortable with Pallio handling that content.
The active Pallio chat session depends on a temporary token that should not be exposed unnecessarily.
The skill uses a short-lived widget session token for subsequent requests. This is purpose-aligned and scoped to the chat session, but users should recognize it as session authorization material.
`token` — Session token (valid for 2 hours). Store this for all subsequent messages.
Treat the session token as temporary private session data and do not paste it into unrelated tools or conversations.
