Rewrite Question
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s rewriting purpose is coherent, but its code can use undeclared Gemini credentials and send query/history data to a configurable external URL.
Review this skill before installing. Use it only if you trust its code, understand which Gemini endpoint it will call, and are comfortable sending the user query, chat history, and QA/SQL context to that endpoint. Do not provide or expose Gemini credentials unless the endpoint is pinned to a trusted provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Gemini API key or token could be sent to a non-Gemini or unintended endpoint if the API URL is overridden or misconfigured.
The skill can pair an invocation-supplied API URL with environment-sourced Gemini API keys or tokens, while the registry declares no credentials or required env vars.
    gemini_api_url: input.gemini_api_url || process.env.GEMINI_API_URL || '',
    gemini_api_key: input.gemini_api_key || process.env.GEMINI_API_KEY || '',
    gemini_token: input.gemini_token || process.env.GEMINI_TOKEN || '',
Declare the required credentials, pin or validate the provider host, and do not use stored environment credentials when the endpoint is supplied by the invocation unless the user explicitly approves it.
User questions, chat history, and QA/SQL context may be transmitted to an external service without clear user-facing disclosure or endpoint boundaries.
The Python code posts a payload to a configurable API URL; index.js builds that payload from the user's query, conversation history, QA pairs, and LLM credentials.
resp = client.post(self.api_url, json=payload, headers=headers)
Clearly disclose external LLM calls, restrict destinations to trusted provider endpoints, and give users control over what history or QA data is sent.
Installing or invoking the skill requires trust in the bundled Python code and the selected Python executable.
The JS entry point executes the Python skill implementation and passes the full process environment to it. This is inherent to the implementation, but it is not reflected in the no-binary/no-install metadata.
    const proc = spawn(PYTHON_BIN, ['-c', script, skillDir], {
      env: { ...process.env },
    });
Declare the Python runtime requirement and avoid relying on an environment-selected executable unless the user intentionally configures it.
Users may not realize the skill has executable runtime code and undeclared runtime dependencies.
The registry describes the skill as instruction-only, but the manifest includes executable index.js and rewrite_question.py files that depend on Python/httpx behavior.
No install spec — this is an instruction-only skill.
Publish accurate install/runtime metadata, including Python and package requirements, and provide provenance for the executable code.
