Familysearch
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for genealogy research, but it handles FamilySearch OAuth tokens and personal family-history data.
This skill looks coherent for genealogy research. Before installing, be comfortable with it reading GEDCOM files you provide, querying FamilySearch with your OAuth token in API mode, and potentially caching family-history results locally.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent may read the GEDCOM file path you provide and may send search details to FamilySearch for API lookups.
The skill exposes local Python helper commands for live API queries and local GEDCOM-file parsing. This is expected for the purpose, but the commands can process personal family-tree data.
python scripts/familysearch.py <command> [args] ... python scripts/gedcom_query.py <gedcom_file> <command> [args...]
Provide only intended GEDCOM files and genealogy search details, and review command use when working with sensitive family information.
Installing and using API mode gives the skill access to query FamilySearch as your account token permits.
The script reads a FamilySearch OAuth token from an environment variable or a specifically named macOS Keychain item, then uses it as a bearer token for FamilySearch API requests. This credential use is disclosed and purpose-aligned.
token = os.environ.get("FAMILYSEARCH_TOKEN")
...
["security", "find-generic-password", "-a", "familysearch-token", "-s", "openclaw-familysearch-token", "-w"]
...
"Authorization": f"Bearer {token}"Use a token with only the access needed for genealogy queries, store it securely, and remove or rotate it when no longer needed.
Family-history details may be retained locally or reused in later analysis if the agent follows the caching guidance.
The instructions encourage local caching and reuse of genealogy results alongside user-provided oral history. This is coherent with the skill, but it involves persistent handling of personal family data.
FamilySearch API is free but rate-limited — cache results locally ... Cross-reference API/GEDCOM data with stories the user shares conversationally
Ask where cached data will be stored, limit retention when possible, and avoid sharing sensitive living-person details unless needed.
You have less external provenance information to verify the maintainer or project history.
The package does not provide an upstream source or homepage. The included artifacts do not show dependency installation or hidden downloads, so this is a provenance notice rather than a security concern.
Source: unknown Homepage: none ... No install spec — this is an instruction-only skill.
Review the included scripts before use and prefer trusted sources for skills that handle personal or account-linked data.