ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kagi Enrich

v1.0.0

Search Kagi's unique non-commercial web (Teclis) and non-mainstream news (TinyGem) indexes for independent, ad-free content you won't find in regular search...

0· 569·0 current·0 all-time
byJozsef Lazar@joelazar

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for joelazar/kagi-enrich.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Kagi Enrich" (joelazar/kagi-enrich) from ClawHub.
Skill page: https://clawhub.ai/joelazar/kagi-enrich
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install joelazar/kagi-enrich

ClawHub CLI

Package manager switcher

npx clawhub@latest install kagi-enrich
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, SKILL.md, and code all consistently implement queries against Kagi's enrichment endpoints (https://kagi.com/api/v0/enrich/{web,news}). The included shell wrapper and Go binary are coherent with the stated goal of performing fast local queries. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while both the SKILL.md and main.go clearly require a KAGI_API_KEY — this metadata omission is an inconsistency.
Instruction Scope
SKILL.md and the code limit their actions to: (a) requiring a KAGI_API_KEY, (b) calling Kagi's enrich endpoints, and (c) optionally downloading/building a local binary. The wrapper prompts on tty before downloading a prebuilt binary and builds from local Go if available. There are no instructions to read unrelated system files or to send data to endpoints other than kagi.com (and GitHub for release metadata/binary).
Install Mechanism
There is no platform install spec in the registry, but the SKILL.md provides an explicit install flow: build from local Go 1.26+ or download a prebuilt binary from a GitHub releases URL (https://github.com/joelazar/kagi-skills/releases). Using GitHub releases is normal, but the wrapper only recommends verifying checksums and does not enforce verification; prebuilt binaries executed locally increase risk if you cannot verify the release artifacts. The download URL is not a shortened/personal server URL and uses the GitHub API to detect latest tag, which is reasonable.
!
Credentials
The code and documentation require a single environment secret: KAGI_API_KEY. That is appropriate and proportional for the described functionality. However, the registered skill metadata incorrectly lists no required env vars/primary credential. This mismatch is a packaging/inventory problem that could lead users to install without providing or reviewing the API key usage. No other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It only creates a .bin directory under the skill/base directory when building or storing the downloaded binary (local scope). It does not modify other skills or system-wide configuration. The wrapper uses /dev/tty for an interactive download prompt, so behavior in non-interactive environments may differ.
What to consider before installing
This skill appears to implement exactly what it claims (queries Kagi's Enrichment API) and only needs your KAGI_API_KEY. However: (1) the registry metadata omitted the KAGI_API_KEY requirement — treat that as a packaging error and ensure you understand and consent to providing your API key; (2) the wrapper can download a prebuilt binary from the GitHub releases for joelazar/kagi-skills — verify the release author, inspect the release assets, and confirm checksums before running the binary (or prefer building locally with Go 1.26+); (3) the wrapper will prompt on /dev/tty before downloading, and the installer only recommends checksum verification (it does not enforce it); (4) review the GitHub repo and release history for the owner (joelazar) to ensure you trust the source; and (5) be aware using the skill consumes paid Kagi API queries (billing described in SKILL.md). If you are unsure, run the code in an isolated environment (container/VM) and build from source rather than executing prebuilt releases.

Like a lobster shell, security has layers — review code before you run it.

latestvk976pnshg8gfwkd9bdwaxn8mpn81kyfn
569downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
Jozsef Lazar@joelazar
latest
Download

Kagi Enrichment

Search Kagi's proprietary enrichment indexes using the Kagi Enrichment API. These are Kagi's "secret sauce" — curated indexes of non-commercial and independent content that complement mainstream search results.

Two indexes are available:

IndexBackendBest for
webTeclisIndependent websites, personal blogs, open-source projects, non-commercial content
newsTinyGemNon-mainstream news sources, interesting discussions, off-the-beaten-path journalism

This skill uses a Go binary for fast startup and zero runtime dependencies. The binary can be downloaded pre-built or compiled from source.

Setup

Requires a Kagi account with API access enabled. Uses the same KAGI_API_KEY as all other kagi-* skills.

  1. Create an account at https://kagi.com/signup
  2. Navigate to Settings → Advanced → API portal: https://kagi.com/settings/api
  3. Generate an API Token
  4. Add funds at: https://kagi.com/settings/billing_api
  5. Add to your shell profile (~/.profile or ~/.zprofile): 
    export KAGI_API_KEY="your-api-key-here"
  6. Install the binary — see Installation below

Pricing

$2 per 1,000 searches ($0.002 per query). Billed only when non-zero results are returned.

Usage

# Search the independent web (Teclis index) — default
{baseDir}/kagi-enrich.sh web "rust async programming"
{baseDir}/kagi-enrich.sh "rust async programming"        # web is the default

# Search non-mainstream news (TinyGem index)
{baseDir}/kagi-enrich.sh news "open source AI"

# Limit number of results
{baseDir}/kagi-enrich.sh web "sqlite internals" -n 5

# JSON output
{baseDir}/kagi-enrich.sh web "zig programming language" --json
{baseDir}/kagi-enrich.sh news "climate change solutions" --json

# Custom timeout
{baseDir}/kagi-enrich.sh web "query" --timeout 30

Options

FlagDescription
-n <num>Max results to display (default: all returned)
--jsonEmit JSON output
--timeout <sec>HTTP timeout in seconds (default: 15)

Output

Default (text)

--- Result 1 ---
Title: SQLite Internals: How The World's Most Used Database Works
URL:   https://www.compileralchemy.com/books/sqlite-internals/
Date:  2023-04-01T00:00:00Z
       A deep-dive into how SQLite's B-tree storage engine, WAL journal...

--- Result 2 ---
...

[API Balance: $9.9980 | results: 15]

JSON (--json)

{
  "query": "sqlite internals",
  "index": "web",
  "meta": {
    "id": "abc123",
    "node": "us-east4",
    "ms": 386,
    "api_balance": 9.998
  },
  "results": [
    {
      "rank": 1,
      "title": "SQLite Internals: How The World's Most Used Database Works",
      "url": "https://www.compileralchemy.com/books/sqlite-internals/",
      "snippet": "A deep-dive into SQLite's B-tree...",
      "published": "2023-04-01T00:00:00Z"
    }
  ]
}

When to Use

  • Use web when you want independent, non-commercial perspectives on a topic — personal blogs, indie projects, academic pages, niche communities — results that mainstream search drowns out with SEO-optimized commercial sites
  • Use news when you want news and discussions from sources outside the mainstream media cycle — niche outlets, Hacker News threads, Reddit discussions, independent journalists
  • Combine with kagi-search for the most complete picture: kagi-search for high-quality general results, kagi-enrich web for independent voices, kagi-enrich news for alternative news angles
  • Use kagi-fastgpt instead when you need a synthesized answer rather than a list of sources

Note on result counts

The enrichment indexes are intentionally niche — they may return fewer results than general search. No results for a query means no relevant content was found in that index (and you won't be billed).

Installation

Option A — Download pre-built binary (no Go required)

OS=$(uname -s | tr '[:upper:]' '[:lower:]')
ARCH=$(uname -m)
case "$ARCH" in
  x86_64)        ARCH="amd64" ;;
  aarch64|arm64) ARCH="arm64" ;;
esac

TAG=$(curl -fsSL "https://api.github.com/repos/joelazar/kagi-skills/releases/latest" | grep '"tag_name"' | cut -d'"' -f4)
BINARY="kagi-enrich_${TAG}_${OS}_${ARCH}"

mkdir -p {baseDir}/.bin
curl -fsSL "https://github.com/joelazar/kagi-skills/releases/download/${TAG}/${BINARY}" \
  -o {baseDir}/.bin/kagi-enrich
chmod +x {baseDir}/.bin/kagi-enrich

# Verify checksum (recommended)
curl -fsSL "https://github.com/joelazar/kagi-skills/releases/download/${TAG}/checksums.txt" | \
  grep "${BINARY}" | sha256sum --check

Pre-built binaries are available for Linux and macOS (amd64 + arm64) and Windows (amd64).

Option B — Build from source (requires Go 1.26+)

cd {baseDir} && go build -o .bin/kagi-enrich .

Alternatively, just run {baseDir}/kagi-enrich.sh directly — the wrapper auto-builds on first run if Go is available.

The binary has no external dependencies — only the Go standard library.

Comments

Loading comments...