Crypto Interactive Research Framework - CIRF
PassAudited by ClawScan on May 1, 2026.
Overview
CIRF appears to be a benign prompt-only crypto research framework, with the main considerations being web research activity and locally saved workspace context.
Before installing, verify the source if provenance matters, use the default collaborative mode for oversight, avoid putting private information into web searches, and periodically review or delete saved workspace state.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create local workspace files and send search queries or requested URLs to web-search/fetch providers while conducting research.
The skill expects the agent to write research outputs locally and use web research tools; this is aligned with the research purpose but is still meaningful tool authority.
"File System Access - WRITE" ... "workspaces/{project-id}/outputs/**/*.md" ... "Network Access - WebSearch" ... "Network Access - WebFetch"Use collaborative mode for sensitive topics, avoid including private data in searches, and review generated workspace files before reusing or sharing them.
Future research runs may be influenced by saved workspace settings, prior requirements, notes, or outputs.
The workspace template explicitly stores session variables and workflow history for later reuse, which is useful for continuity but can carry forward stale or user-supplied context.
"After conversation compact, agents restore context from this cache" ... "PERSISTENCE: Survives conversation compacts"
Review workspace.yaml and saved outputs periodically, and clear or edit old workspace state when switching topics or after sensitive research.
Users have less registry-level provenance information for confirming that the prompt files match the intended upstream project.
The registry metadata does not provide a verified source or homepage, although the skill is instruction-only and no executable install mechanism is present.
Source: unknown; Homepage: none
Verify the package against the declared project source before installing if provenance matters for your workflow.