Geepers Corpus
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill documents read-only corpus API queries, but users should verify the third-party API provider and treat the API key as sensitive.
Before installing, verify that https://api.dr.eamer.dev is the corpus provider you intend to use, use a dedicated API key, and avoid sending sensitive or private text unless you trust that service.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use this key when making corpus API requests, so the key should be limited to this service and not reused elsewhere.
The skill instructs users to provide an API key. That is expected for an authenticated API service, but it is still a credential and the registry metadata does not declare a primary credential.
export DREAMER_API_KEY=your_key_here
Use a dedicated, least-privilege API key if available, and remove or rotate it when no longer needed.
Users have less information to confirm who operates the API endpoint before sending queries or using an API key.
The skill depends on an external corpus API, but the registry metadata provides no source or homepage for users to validate the service provenance.
Source: unknown Homepage: none
Verify the API provider and documentation out of band before installing or configuring credentials.
A user may assume the API is an official or familiar COCA service without confirming the actual provider.
The registry/skill naming, document title, and API host use different branding, which could confuse users about whether this is the expected corpus provider.
name: geepers-corpus ... # Dreamer Corpus ... Access the COCA corpus API at `https://api.dr.eamer.dev`.
Confirm the endpoint, branding, and terms of service before trusting results or supplying credentials.