Skill v1.0.0

ClawScan security

Kagi Enrich · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 3:04 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (calling Kagi's enrich API), but the package metadata omits the required KAGI_API_KEY and the wrapper downloads a prebuilt binary from a GitHub release without enforcing checksum verification — these inconsistencies warrant caution.
Guidance
This skill appears to implement exactly what it claims (queries Kagi's Enrichment API) and only needs your KAGI_API_KEY. However: (1) the registry metadata omitted the KAGI_API_KEY requirement — treat that as a packaging error and ensure you understand and consent to providing your API key; (2) the wrapper can download a prebuilt binary from the GitHub releases for joelazar/kagi-skills — verify the release author, inspect the release assets, and confirm checksums before running the binary (or prefer building locally with Go 1.26+); (3) the wrapper will prompt on /dev/tty before downloading, and the installer only recommends checksum verification (it does not enforce it); (4) review the GitHub repo and release history for the owner (joelazar) to ensure you trust the source; and (5) be aware using the skill consumes paid Kagi API queries (billing described in SKILL.md). If you are unsure, run the code in an isolated environment (container/VM) and build from source rather than executing prebuilt releases.

Review Dimensions

Purpose & Capability
note: The name/description, SKILL.md, and code all consistently implement queries against Kagi's enrichment endpoints (https://kagi.com/api/v0/enrich/{web,news}). The included shell wrapper and Go binary are coherent with the stated goal of performing fast local queries. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while both the SKILL.md and main.go clearly require a KAGI_API_KEY; this metadata omission is an inconsistency.
Instruction Scope
ok: SKILL.md and the code limit their actions to: (a) requiring a KAGI_API_KEY, (b) calling Kagi's enrich endpoints, and (c) optionally downloading/building a local binary. The wrapper prompts on tty before downloading a prebuilt binary and builds from local Go if available. There are no instructions to read unrelated system files or to send data to endpoints other than kagi.com (and GitHub for release metadata/binary).
Install Mechanism
note: There is no platform install spec in the registry, but the SKILL.md provides an explicit install flow: build from local Go 1.26+ or download a prebuilt binary from a GitHub releases URL (https://github.com/joelazar/kagi-skills/releases). Using GitHub releases is normal, but the wrapper only recommends verifying checksums and does not enforce verification; prebuilt binaries executed locally increase risk if you cannot verify the release artifacts. The download URL is not a shortened/personal server URL and uses the GitHub API to detect the latest tag, which is reasonable.
Credentials
concern: The code and documentation require a single environment secret: KAGI_API_KEY. That is appropriate and proportional for the described functionality. However, the registered skill metadata incorrectly lists no required env vars/primary credential. This mismatch is a packaging/inventory problem that could lead users to install without providing or reviewing the API key usage. No other secrets or unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request 'always: true' and is user-invocable. It only creates a .bin directory under the skill/base directory when building or storing the downloaded binary (local scope). It does not modify other skills or system-wide configuration. The wrapper uses /dev/tty for an interactive download prompt, so behavior in non-interactive environments may differ.