Skill v1.0.0

ClawScan security

Kagi Summarizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 3:05 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to implement a legitimate Kagi summarizer but the registry metadata omits the KAGI_API_KEY requirement declared in SKILL.md and enforced by the included binary — this metadata mismatch and a few install-time behaviors are inconsistent and warrant caution.
Guidance
Do not install blindly. The included code and SKILL.md require your KAGI_API_KEY even though the registry metadata omits that — confirm you are willing to provide that API key. If you proceed:
1) Prefer building from source with a trusted Go toolchain rather than running a downloaded binary.
2) If using the pre-built binary, verify the release tag and the checksum (checksums.txt + sha256sum) come from the official GitHub repo and match.
3) Be aware the wrapper may prompt interactively for download and will place the binary under {baseDir}/.bin.
4) Review network behavior — the binary will POST your text/URL and Authorization header to https://kagi.com/api/v0/summarize; only use it if you trust Kagi and the repository owner.
5) Ask the publisher/registry to fix the metadata to declare KAGI_API_KEY as a required credential so the requirement is visible before installation.

Review Dimensions

Purpose & Capability: concern
The skill's name, SKILL.md, and main.go consistently implement a Kagi Universal Summarizer that calls https://kagi.com/api/v0/summarize — that matches the stated purpose. However, the registry metadata lists no required environment variables or primary credential, while both SKILL.md and main.go require KAGI_API_KEY. The omission in metadata is an incoherence that could mislead users about what secrets the skill needs.
Instruction Scope: note
SKILL.md, the shell wrapper and the Go binary keep scope limited to summarization via the Kagi API. The wrapper will build from source with Go or download a GitHub release, and writes a binary to {baseDir}/.bin; it also prompts the user interactively before downloading. The code does not read other system files or extra environment variables. The interactive prompt (read from /dev/tty) and the fallback download behavior could be surprising in automated contexts and should be noted.
Install Mechanism: note
The install script uses GitHub Releases (https://github.com/joelazar/kagi-skills/releases) for pre-built binaries and attempts to verify checksums via checksums.txt and sha256sum (recommended). Using GitHub releases is reasonable, but downloading and executing a remote binary is higher risk than a purely source build — users should verify the checksum and trust the release author. The script also attempts to build from local Go if available.
Credentials: concern
At runtime the program requires a single KAGI_API_KEY environment variable (proportionate to calling Kagi's API). The problem is the registry metadata does not declare this required credential; SKILL.md does. The discrepancy between declared requirements and actual runtime requirements is a meaningful red flag: the skill WILL need your Kagi API key even though the registry metadata says none.
Persistence & Privilege: ok
The skill is not always-enabled, does not request elevated privileges, and only writes a binary into its own {baseDir}/.bin. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but is not combined with other high-risk features here.