Kagi Enrich
PassAudited by ClawScan on May 1, 2026.
Overview
The skill does what it claims—queries Kagi enrichment search APIs—but users should notice that it needs a paid Kagi API key and may build or download an executable.
This appears to be a purpose-aligned Kagi search skill. Before installing, make sure you are comfortable providing a Kagi API key, paying for API queries, and either building the included Go source or verifying any prebuilt binary downloaded from GitHub releases.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches will use the user's Kagi account and may incur Kagi API charges.
The code requires a Kagi API key and sends it as an authorization header to Kagi's API. This is expected for the advertised Kagi search function, but it is still account credential use tied to API billing.
apiKey := strings.TrimSpace(os.Getenv("KAGI_API_KEY")) ... req.Header.Set("Authorization", "Bot "+apiKey)Install only if you intend to use Kagi's paid API, keep the API key private, and consider using a key with the minimum access Kagi supports.
A user may end up running a prebuilt executable from a GitHub release rather than only the reviewed source code.
If no local binary is available, the wrapper resolves the latest GitHub release and can download an executable into the skill directory. It prompts before download, but the wrapper itself does not verify a checksum.
RELEASE_META="$(curl -fsSL "https://api.github.com/repos/joelazar/kagi-skills/releases/latest")" ... curl -fsSL "$URL" -o "$BIN" ... chmod +x "$BIN"
Prefer building from the included source when possible, or manually verify the release checksum before accepting the prebuilt binary download.
First use may compile and execute local code from the skill directory.
The shell wrapper compiles the provided Go source into a local executable and then runs it. This is disclosed in the skill documentation and is central to the tool's operation.
(cd "$BASE_DIR" && go build -o "$BIN" .) ... exec "$BIN" "$@"
Review the included source if desired before first use, and ensure the skill directory has not been modified by an untrusted party.