ClawHub
Back to skill
v1.0.4

Kinema's Concept Re-Search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

This instruction-only research skill matches its stated purpose, but it uses external search/fetch tools and may clone or download research materials into a local project folder.

GuidanceThis skill appears safe to install as an instruction-only research helper. Before using it, avoid including confidential idea details in search queries unless you trust the configured search provider, and do not execute code from any repositories it clones without separate review.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
GitHub Repo: Clone locally, read README ... PDF/Papers: Download and read

The workflow may bring untrusted repositories and documents from search results onto the local machine. The artifacts do not instruct code execution, so this remains purpose-aligned, but the source material is still untrusted.

User impactThe skill may leave local copies of third-party repos or papers that should not be treated as trusted software or safe documents by default.
RecommendationKeep downloaded materials in the scoped research folder, avoid running cloned code unless separately reviewed, and treat PDFs or other documents from search results as untrusted.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Search using searxng-search batch by batch ... Priority: searxng-search. If SearXNG not deployed, can use ddg-search.

The skill turns the user's concept into search queries and sends them through search providers; this is expected for the task, but the provider boundary matters for sensitive or proprietary ideas.

User impactConfidential product ideas or internal project details could be exposed as search queries if the user includes them in the concept description.
RecommendationUse a trusted/private search endpoint for confidential research, or remove sensitive details before asking the skill to search.