ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Parallel

High-accuracy web search and research via Parallel.ai API. Optimized for AI agents with rich excerpts and citations. Supports agentic mode for token-efficien...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 2.2k · 8 current installs · 8 all-time installs
by@mvanhorn
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the files and runtime instructions: the scripts call Parallel.ai search, extract, findall, monitor, task, and task-run endpoints. Required PARALLEL_API_KEY is appropriate for this purpose.
!
Instruction Scope
Most instructions stay within the declared purpose (calls to Parallel.ai). However the skill accepts webhook URLs (monitor.create) and allows passing 'mcp_servers' for authenticated browsing (task.py), which cause data or credentials to be sent to third parties. search.py falls back to a hard-coded API key if PARALLEL_API_KEY is not set (inconsistent with other scripts that exit), which means the skill can operate under an embedded credential you did not provide.
Install Mechanism
This is instruction-only (no install spec that downloads arbitrary archives). It uses Python scripts and recommends 'pip install parallel-web' which is a normal package install; no unusual installers or remote extracts are present.
!
Credentials
Declared primaryEnv is only PARALLEL_API_KEY which is appropriate. But the code optionally uses other env vars not declared in metadata (BROWSERUSE_API_KEY for authenticated browsing, PARALLEL_MAX_WAIT) and search.py contains a hard-coded fallback API key string. Requiring or using extra credentials without declaring them and embedding an API key are disproportionate and risky.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no code that persists itself into global agent config. Autonomous invocation is allowed (default) but not combined with other high privileges.
Scan Findings in Context
[hardcoded-api-key] unexpected: scripts/search.py sets API_KEY default to 'y2s_m4er5i6-5qCikOLUtmnkvOYRU24eDphq_jg1' if PARALLEL_API_KEY is not present. Embedding a fallback API key is inconsistent with other scripts and can cause the skill to use someone else's credential or leak its usage. This is suspicious and should be removed or replaced with a documented demo key policy.
[undeclared-env-use] unexpected: scripts/task.py will look for BROWSERUSE_API_KEY (or a --browseruse-key flag) and, if present, will create mcp_servers entries that include the key in headers. That environment variable is not listed in the skill metadata; using it allows the skill to pass third-party browsing credentials to the Parallel API, which should be explicitly declared to users.
What to consider before installing
This skill appears to implement a legitimate Parallel.ai client, but there are a few red flags to review before installing: - Inspect and remove the hard-coded API key in scripts/search.py. A hard-coded fallback means the skill may run using a credential you don't control; this can incur costs or leak usage to someone else. Replace it with strict failure when PARALLEL_API_KEY is missing or document an explicit demo key policy. - Be aware of optional env vars not declared in the registry (BROWSERUSE_API_KEY, PARALLEL_MAX_WAIT). If you provide BROWSERUSE_API_KEY, the skill will forward it to an external MCP endpoint (browser-use.com) for authenticated browsing — that enables access to gated pages but also means sensitive page contents or credentials may be shared with that third party. - Monitor webhooks and callbacks: monitor.create accepts a webhook URL that the Parallel service will call. Do not configure untrusted webhook URLs, since monitors may send content or alerts to those endpoints. - Verify the pip package 'parallel-web' and the upstream Parallel.ai service before supplying your API key. Check account usage/quotas after first use. - If you install: (1) remove or rotate any embedded keys, (2) run scripts in an isolated environment, and (3) prefer providing your own PARALLEL_API_KEY and avoid supplying optional third-party browsing keys or webhooks unless you trust those endpoints. Given these inconsistencies and the embedded key, I recommend manual code review and remediation before enabling this skill for production use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.1
Download zip
latestvk974gaezy58sd01atw2aedd2k982e97m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis
EnvPARALLEL_API_KEY
Primary envPARALLEL_API_KEY

SKILL.md

Parallel.ai 🔬

High-accuracy web search API built for AI agents. Outperforms Perplexity/Exa on research benchmarks.

Setup

pip install parallel-web

API key is configured. Uses Python SDK.

from parallel import Parallel
client = Parallel(api_key="YOUR_KEY")
response = client.beta.search(
    mode="one-shot",  # or "fast" for lower latency/cost, "agentic" for multi-hop
    max_results=10,
    objective="your query"
)

Modes

ModeUse CaseTradeoff
one-shotDefault, balanced accuracyBest for most queries
fastQuick lookups, cost-sensitiveLower latency/cost, may sacrifice some accuracy
agenticComplex multi-hop researchHigher accuracy, more expensive

Quick Usage

# Default search (one-shot mode)
{baseDir}/.venv/bin/python {baseDir}/scripts/search.py "Who is the CEO of Anthropic?" --max-results 5

# Fast mode - lower latency/cost ⚡
{baseDir}/.venv/bin/python {baseDir}/scripts/search.py "latest AI news" --mode fast

# Agentic mode - complex research
{baseDir}/.venv/bin/python {baseDir}/scripts/search.py "compare transformer architectures" --mode agentic

# JSON output
{baseDir}/.venv/bin/python {baseDir}/scripts/search.py "latest AI news" --json

Response Format

Returns structured results with:

  • search_id - unique search identifier
  • results[] - array of results with:
    • url - source URL
    • title - page title
    • excerpts[] - relevant text excerpts
    • publish_date - when available
  • usage - API usage stats

When to Use

  • Deep research requiring cross-referenced facts
  • Company/person research with citations
  • Fact-checking with evidence-based outputs
  • Complex queries that need multi-hop reasoning
  • Higher accuracy than traditional search for research tasks

API Reference

Docs: https://docs.parallel.ai Platform: https://platform.parallel.ai

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…