ClawHub

Bios Deep Research

v1.0.5

Run deep biological research using the BIOS API. Supports API key and x402 crypto payments (USDC on Base). Start-and-check-back pattern works across heartbeats.

0· 504·2 current·2 all-time
by@jmartink
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (curl), optional BIOS_API_KEY, and the x402 payment flow all align with a networked API client for BIOS deep research. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions are narrowly scoped to making curl calls to two documented endpoints, storing a single state file at skills/bios-deep-research/state.json, and following a start/check-back heartbeat pattern. The guide explicitly says the agent must not handle private keys and to use pre-signed payment headers. Be aware the x402 operator doc includes sample code showing local private-key signing — that is an operator action and should be avoided in favour of managed signers or hardware wallets.
Install Mechanism
Instruction-only skill with no install spec and a single small runtime dependency (curl). No downloads or archive extraction are present.
Credentials
No required environment variables; BIOS_API_KEY is optional and appropriate for the API-key authentication path. The x402 payment flow correctly delegates signing to an external operator/ signer. The x402 setup doc contains examples that mention using raw private keys — the skill itself does not require storing keys, but operators must not expose private keys to the agent.
Persistence & Privilege
Skill does not request always:true and has disable-model-invocation:true (user-invocable only), reducing autonomous risk. It only writes/reads its own state file and does not modify other skills or system-wide configuration.
Assessment
This skill appears coherent for calling the BIOS API and supporting crypto-payments, but take these precautions before installing: 1) Confirm the API domains (api.ai.bio.xyz and x402.chat.bio.xyz) and TLS certificates are legitimate for the service you expect. 2) Do not expose private keys or paste them into skill configs; prefer managed signers, hardware wallets, or Coinbase CDP as recommended. 3) Use a dedicated, funded wallet for x402 payments and verify the recipient address and amounts before signing. 4) Keep BIOS_API_KEY secret and only set it in the skill config if you trust the endpoint. 5) Confirm your environment isolates the skill workspace (skills/bios-deep-research/state.json) so stored conversationIds/results can't unintentionally leak. The skill's disable-model-invocation:true reduces autonomous risk; still review payment flows and signer choices carefully.

Like a lobster shell, security has layers — review code before you run it.

latestvk975er8069y330d9czkdwm7t7x82nnt6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧬 Clawdis
Binscurl

Comments