Skill v1.0.0

ClawScan security

Kagi Fastgpt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 3:03 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to implement a legitimate Kagi FastGPT client, but the registry metadata omitted the required KAGI_API_KEY and there are minor install/download risks you should verify before use.
Guidance
This package is functionally what it claims: a Kagi FastGPT client. Before installing:
1) Know it requires your KAGI_API_KEY (the registry metadata omitted this) — the key will be sent to kagi.com for each query and may incur charges, so use a key with appropriate billing limits and rotate it if shared.
2) If you plan to use the pre-built binary, verify the GitHub release and the checksums.txt referenced in SKILL.md; prefer building from source if you trust the repository.
3) The wrapper prompts interactively before downloading; in non-interactive environments it may fail.
4) Inspect the repo (github.com/joelazar/kagi-skills) and release artifacts yourself if you have concerns about executing third-party binaries.
If you want this skill to be used safely, request the publisher update registry metadata to declare KAGI_API_KEY explicitly and provide a reproducible release/checksum provenance.

Review Dimensions

Purpose & Capability
concern
Name/description match the code: the Go binary calls Kagi's FastGPT API at https://kagi.com/api/v0/fastgpt. However, the registry metadata claims no required environment variables while both SKILL.md and main.go require KAGI_API_KEY — a clear inconsistency. Requesting a Kagi API key is proportionate to the stated purpose, but the metadata omission is misleading.
Instruction Scope
ok
Runtime instructions and code stay within the skill's stated purpose: they read KAGI_API_KEY, POST the query to Kagi's FastGPT endpoint, and print results and references. The SKILL.md does not instruct the agent to read unrelated files or exfiltrate data to unexpected endpoints.
Install Mechanism
note
There is no formal registry install spec, but the included wrapper script will build locally or download a pre-built binary from GitHub releases (github.com/joelazar/kagi-skills). Downloading pre-built binaries from GitHub is reasonable, and the script recommends verifying checksums. Still, running downloaded binaries has inherent risk; the script prompts interactively before download and installs into a .bin directory under the skill base.
Credentials
concern
The skill legitimately requires a single KAGI_API_KEY (used as 'Bot <key>' in Authorization), which is proportional to the purpose. But the skill's registry metadata did not declare this required environment variable — the omission could lead users to unknowingly provide an API key later. No other credentials or unrelated env vars are requested.
Persistence & Privilege
ok
The skill is not force-included (always:false), does not request system-wide config or modify other skills, and does not require elevated privileges. It writes its binary to the skill's .bin directory and may build from source; these are normal for a CLI-style skill.