Back to skill
Skillv1.0.5
ClawScan security
Bios Deep Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 2:38 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are internally consistent with a BIOS API client that supports either an API key or an x402 payment flow; nothing requested is disproportionate to that purpose.
- Guidance
- This skill appears coherent for calling the BIOS API and supporting crypto-payments, but take these precautions before installing: 1) Confirm the API domains (api.ai.bio.xyz and x402.chat.bio.xyz) and TLS certificates are legitimate for the service you expect. 2) Do not expose private keys or paste them into skill configs; prefer managed signers, hardware wallets, or Coinbase CDP as recommended. 3) Use a dedicated, funded wallet for x402 payments and verify the recipient address and amounts before signing. 4) Keep BIOS_API_KEY secret and only set it in the skill config if you trust the endpoint. 5) Confirm your environment isolates the skill workspace (skills/bios-deep-research/state.json) so stored conversationIds/results can't unintentionally leak. The skill's disable-model-invocation:true reduces autonomous risk; still review payment flows and signer choices carefully.
Review Dimensions
- Purpose & Capability
- okName/description, required binary (curl), optional BIOS_API_KEY, and the x402 payment flow all align with a networked API client for BIOS deep research. No unrelated credentials or binaries are requested.
- Instruction Scope
- noteRuntime instructions are narrowly scoped to making curl calls to two documented endpoints, storing a single state file at skills/bios-deep-research/state.json, and following a start/check-back heartbeat pattern. The guide explicitly says the agent must not handle private keys and to use pre-signed payment headers. Be aware the x402 operator doc includes sample code showing local private-key signing — that is an operator action and should be avoided in favour of managed signers or hardware wallets.
- Install Mechanism
- okInstruction-only skill with no install spec and a single small runtime dependency (curl). No downloads or archive extraction are present.
- Credentials
- noteNo required environment variables; BIOS_API_KEY is optional and appropriate for the API-key authentication path. The x402 payment flow correctly delegates signing to an external operator/ signer. The x402 setup doc contains examples that mention using raw private keys — the skill itself does not require storing keys, but operators must not expose private keys to the agent.
- Persistence & Privilege
- okSkill does not request always:true and has disable-model-invocation:true (user-invocable only), reducing autonomous risk. It only writes/reads its own state file and does not modify other skills or system-wide configuration.