Bios Deep Research

Review

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is internally consistent and discloses what it does, but it uses an external paid research API, optional API or payment credentials, and a small state file that persists across heartbeats.

Before installing, decide whether you will authenticate with a BIOS API key or pay per request with x402. Confirm the cost of the research mode you select, use a dedicated low-balance wallet for USDC payments, do not expose private keys to the agent, and clear the state file if you want to stop follow-up checks for a pending job.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your research questions and API/payment headers may be sent to BIOS or x402 endpoints when you ask the skill to run research.

Why it was flagged

The skill instructs the agent to make direct HTTP calls with curl, including authenticated API requests. This is expected for the BIOS integration, but users should recognize that prompts and headers go to the listed external services.

Skill content

Use `curl` for all BIOS API calls. Do NOT use `web_fetch` — it does not support Authorization headers.

Recommendation

Use the documented endpoints only, keep the key in an environment variable or secret store rather than hardcoding it in prompts or files, and review the paid research mode and its cost before starting a request.

What this means

A configured API key or pre-signed payment header can authorize BIOS usage, consume plan credits, or spend the specified USDC amount.

Why it was flagged

The skill can use a delegated BIOS API key or pre-signed x402 payment headers. The artifacts disclose this and say private keys are handled externally, but these are still account/payment authorities.

Skill content

`BIOS_API_KEY` | Optional ... Bearer auth to `api.ai.bio.xyz` ... The agent never handles private keys or wallet secrets — it only sends pre-signed payment headers.

Recommendation

Use a scoped BIOS key if one is available, sign x402 payments per request rather than reusing a header, confirm the amount and recipient of each payment before it is signed, and prefer a dedicated low-balance wallet for crypto payments.
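One way to enforce the per-request confirmation this recommendation asks for, as an added example that is not the skill's or BIOS's own code: an agent-side gate that checks amount, asset, network and recipient against a fixed policy and a running spend cap before handing the requirement to a signer that lives outside the agent. The field names in the requirement (`amount`, `asset`, `network`, `pay_to`), the six USDC decimals, the addresses and the signer callback are assumptions made for the example; the real x402 payload layout may differ.

```python
"""Agent-side gate for x402 payment signing (added example, not skill code).

Assumptions: the payment requirement is a dict with keys amount (base
units, as a string), asset, network and pay_to; USDC has 6 decimals; the
signer is a callback living outside the agent that returns a pre-signed
header and never exposes a private key here.
"""
from dataclasses import dataclass
from decimal import Decimal
from typing import Callable

USDC_DECIMALS = 6


class PaymentRefused(Exception):
    """Raised before anything is signed when a requirement violates policy."""


@dataclass(frozen=True)
class Policy:
    allowed_recipients: frozenset   # addresses you verified out of band
    allowed_networks: frozenset
    max_per_request: Decimal        # in USDC
    max_total: Decimal              # budget for the whole session


def check_requirement(req: dict, policy: Policy, spent: Decimal) -> Decimal:
    """Validate one requirement; return its amount in USDC or raise."""
    if str(req.get("asset", "")).upper() != "USDC":
        raise PaymentRefused(f"unexpected asset {req.get('asset')!r}")
    if req.get("network") not in policy.allowed_networks:
        raise PaymentRefused(f"network {req.get('network')!r} not allowed")
    recipient = str(req.get("pay_to", "")).lower()
    if recipient not in {a.lower() for a in policy.allowed_recipients}:
        raise PaymentRefused(f"recipient {recipient!r} not allowed")
    try:
        base_units = int(req["amount"])
    except (KeyError, ValueError, TypeError):
        raise PaymentRefused("amount missing or not an integer")
    if base_units <= 0:
        raise PaymentRefused("amount must be positive")
    amount = Decimal(base_units) / Decimal(10 ** USDC_DECIMALS)
    if amount > policy.max_per_request:
        raise PaymentRefused(f"{amount} USDC exceeds per-request cap")
    if spent + amount > policy.max_total:
        raise PaymentRefused(f"{amount} USDC would exceed session budget")
    return amount


class PaymentGate:
    """Wraps an external signer so every payment is checked and counted."""

    def __init__(self, policy: Policy, signer: Callable[[dict], str]):
        self.policy = policy
        self.signer = signer
        self.spent = Decimal(0)

    def authorize(self, req: dict) -> str:
        amount = check_requirement(req, self.policy, self.spent)
        header = self.signer(req)      # signing happens outside the agent
        self.spent += amount
        return header


# Constructed sample data for the example (not real addresses or prices).
GOOD_RECIPIENT = "0x" + "ab" * 20
DEMO_POLICY = Policy(
    allowed_recipients=frozenset({GOOD_RECIPIENT}),
    allowed_networks=frozenset({"base"}),
    max_per_request=Decimal("0.60"),
    max_total=Decimal("0.90"),
)


def fake_signer(req: dict) -> str:
    """Stand-in for the external signer: returns an opaque header string."""
    return f"x402 signed:{req['pay_to']}:{req['amount']}"


def demo() -> dict:
    """Run three requests through the gate; returns what happened to each."""
    gate = PaymentGate(DEMO_POLICY, fake_signer)
    base = {"asset": "USDC", "network": "base", "pay_to": GOOD_RECIPIENT}
    out = {}
    out["ok"] = gate.authorize({**base, "amount": "400000"})      # 0.40 USDC
    try:
        gate.authorize({**base, "pay_to": "0x" + "cd" * 20, "amount": "1"})
        out["wrong_recipient"] = "signed"
    except PaymentRefused:
        out["wrong_recipient"] = "refused"
    try:
        gate.authorize({**base, "amount": "550000"})  # 0.55 alone is fine, 0.95 total is not
        out["over_budget"] = "signed"
    except PaymentRefused:
        out["over_budget"] = "refused"
    out["spent"] = str(gate.spent)
    return out
```

The point of the gate is ordering: every check runs before the signer is called, so a bad requirement never produces a signed header, and the budget counter only advances after a successful signature.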

What this means

If you use x402 payments, your signer environment will rely on external packages that could change over time.

Why it was flagged

The optional human setup guide installs third-party signing libraries without pinned versions. This is relevant to the x402 payment workflow and is not hidden, but it means the signer depends on external package registries (PyPI and npm), so a new release or a compromised package can change what the signing environment does.

Skill content

pip install x402 httpx cdp-sdk ... pip install x402 httpx eth-account ... npm install @x402/core @x402/evm viem

Recommendation

Install signer dependencies in a trusted environment, pin versions (and hashes where the package manager supports them), and follow the guide’s advice to avoid primary-wallet private keys.

What this means

After starting a job, the skill may continue checking that job on later heartbeats or invocations until it completes, fails, or the state is cleared.

Why it was flagged

The skill keeps a small persistent state file so it can resume checking a long-running research job. The behavior is disclosed and bounded by one pending session and one poll per check-back.

Skill content

State file: `skills/bios-deep-research/state.json` ... On each subsequent heartbeat or manual invocation ... Poll ONCE

Recommendation

Clear `skills/bios-deep-research/state.json` if you want to stop tracking a pending BIOS research job.
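The bounded check-back behaviour this finding describes, as an added example that is not the skill's own code: one pending session recorded in `state.json`, exactly one poll per heartbeat, and the file cleared once the job completes or fails (or when the user deletes it). The file layout, the job status strings, the poll callback and the `MAX_POLLS` give-up cap are assumptions made for the example; the cap in particular goes beyond what the page says the skill does.

```python
"""Bounded check-back for a pending BIOS research job (added example).

Not the skill's own code: it models the disclosed behaviour, one pending
session in state.json and exactly one poll per heartbeat, with the file
cleared when the job completes or fails. The file layout, the status
strings, the poll callback and the MAX_POLLS cap are assumptions.
"""
import json
import tempfile
from pathlib import Path
from typing import Callable, Optional

TERMINAL = {"completed", "failed"}   # assumed BIOS job states
MAX_POLLS = 48                        # give up rather than poll forever


def load_state(path: Path) -> Optional[dict]:
    """Return the pending session, or None (clearing a corrupt file)."""
    if not path.exists():
        return None
    try:
        data = json.loads(path.read_text())
    except json.JSONDecodeError:
        path.unlink()
        return None
    if not isinstance(data, dict) or "job_id" not in data:
        path.unlink()
        return None
    return data


def clear_state(path: Path) -> None:
    """What the user does by hand to stop tracking a job."""
    path.unlink(missing_ok=True)


def start_job(path: Path, job_id: str) -> None:
    """Record one pending session; refuse to start a second one."""
    if load_state(path) is not None:
        raise RuntimeError("a job is already pending; clear state.json first")
    path.write_text(json.dumps({"job_id": job_id, "polls": 0}))


def heartbeat(path: Path, poll: Callable[[str], str]) -> str:
    """Poll ONCE per call; returns idle, pending, abandoned or a terminal state."""
    state = load_state(path)
    if state is None:
        return "idle"                  # nothing pending: no network call at all
    status = poll(state["job_id"])
    state["polls"] += 1
    if status in TERMINAL:
        clear_state(path)
        return status
    if state["polls"] >= MAX_POLLS:
        clear_state(path)
        return "abandoned"
    path.write_text(json.dumps(state))
    return "pending"


def demo() -> dict:
    """Constructed scenarios: a job that finishes, and one that never does."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "state.json"

        # Job 1: the fake API answers queued, running, completed.
        answers = iter(["queued", "running", "completed"])
        start_job(path, "job-123")
        results["finishes"] = [heartbeat(path, lambda _job: next(answers))
                               for _ in range(4)]

        # Job 2: the fake API never finishes; the cap clears the state.
        start_job(path, "job-456")
        seq = [heartbeat(path, lambda _job: "running")
               for _ in range(MAX_POLLS + 1)]
        results["stuck"] = (seq[MAX_POLLS - 2], seq[MAX_POLLS - 1], seq[MAX_POLLS])
    return results
```

In the first scenario the fourth heartbeat returns `idle` without calling the API, because the completed job already cleared the file; in the second, the cap turns an endless job into a cleared state instead of an open-ended poller.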