Skill v1.3.0
ClawScan security
Searcher Os · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 9:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are consistent with its stated purpose: it only calls the Searcher OS REST API and requests a single API key for authentication.
- Guidance: This skill appears to do exactly what it claims: it calls Searcher OS APIs and only needs an API key. Before installing, ensure you: 1) only provide a Searcher OS API key scoped to an account you control (preferably a dedicated/instrumented key), 2) are comfortable with the agent being able to perform data-modifying actions (move/kill deals, create brokers, save/dismiss listings) — if not, restrict autonomous invocation or require manual confirmation, and 3) verify the API key and activity within your Searcher OS account (audit logs) after use. Also confirm your subscription level matches the SKILL.md note about required plans.
Review Dimensions
- Purpose & Capability (ok): Name/description match the SKILL.md: all declared tools and endpoints are Searcher OS REST API calls. The single primaryEnv (SEARCHER_OS_API_KEY) is appropriate for a remote API integration and there are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope (ok): Instructions only direct the agent to call the documented Searcher OS endpoints (get_context, tools discovery, pipeline/feed/inbox/broker/CIM APIs). There are no instructions to read local files, other environment variables, or to exfiltrate data to third-party endpoints.
- Install Mechanism (ok): This is an instruction-only skill with no install steps or code to write to disk, which is the lowest-risk model and matches the declared metadata.
- Credentials (ok): Only a single API key (SEARCHER_OS_API_KEY) is declared as required, which is proportionate and expected for API access. No unrelated SECRET/TOKEN/PASSWORD variables are requested.
- Persistence & Privilege (note): The skill does not set always:true and has no install behavior, but it can invoke modifying actions (move stage, kill deal, create broker, save/dismiss deals). disable-model-invocation is false (the platform default), so if allowed the agent could autonomously call those modifying endpoints — this is expected behavior but worth noting before granting the API key.
