Yutori research
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: yutori-web-research
Version: 1.0.1
The skill accesses the sensitive `~/.openclaw/openclaw.json` file to retrieve the `YUTORI_API_KEY` (as seen in `scripts/yutori-research.mjs`). It also makes external network calls to `api.dev.yutori.com` or `api.yutori.com` (via `scripts/yutori-research.mjs` and `SKILL.md`'s `curl` example). While these actions are aligned with the stated purpose of interacting with the Yutori API, accessing local sensitive files and performing external network communication are high-risk capabilities that warrant a 'suspicious' classification, as they could be misused if the skill's intent were different. There is no clear evidence of intentional malicious behavior like exfiltration to unrelated endpoints or persistence mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can spend or access whatever your Yutori API key permits for Research/Browsing tasks.
The runner uses a Yutori API key from the environment or OpenClaw config and sends it as an authentication header. This is purpose-aligned, but it uses account/API authority.
const API_KEY = process.env.YUTORI_API_KEY ?? loadKeyFromOpenClawConfig(); ... "x-api-key": API_KEY
Use a Yutori key with only the needed permissions and confirm YUTORI_API_BASE is set to the intended dev or production Yutori endpoint.
Sensitive research prompts, URLs, or extracted content may be processed by Yutori's cloud service.
Research prompts plus timezone/location context are sent to a cloud API endpoint. This is expected for a cloud research service, but it means task contents leave the local agent.
const API_BASE = process.env.YUTORI_API_BASE ?? "https://api.dev.yutori.com"; ... body: JSON.stringify({ query, user_timezone, user_location })
Do not include confidential data unless you are comfortable sending it to Yutori, and set the production endpoint if you do not intend to use the default dev endpoint.
A poorly specified browsing task could interact with websites in ways the user did not intend.
The skill can delegate web navigation and form interaction to a cloud browser. This fits the stated browsing purpose, but website actions should remain explicitly user-requested.
Use the Browsing API when the user asks: ... “Fill a form / click through pages / collect items”
Give narrow browsing instructions and require confirmation before submitting forms, posting content, purchasing, logging in, or changing account data.
Install-time metadata may not warn that the skill needs a Yutori API key.
The registry metadata does not advertise the Yutori API key requirement even though SKILL.md and the script disclose and require it. This is an under-declaration, not hidden behavior.
Required env vars: none ... Env var declarations: none ... Primary credential: none
Treat this skill as requiring YUTORI_API_KEY and optionally YUTORI_API_BASE despite the metadata omission.
