v1.0.0

LegiScan Bill Search

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:48 AM.

Analysis

This skill appears to do what it says—search LegiScan bills—but users should notice that it needs a LegiScan API key, the requests library, and optional scheduled execution.

Guidance: Before installing, confirm you are comfortable providing a LegiScan API key, installing the requests Python package, and sending your chosen state and keyword searches to LegiScan. Use scheduled execution only if you want recurring monitoring.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
Dependencies: Requires `requests`.

The skill documents a Python package dependency, but the artifact set has no install specification. This is not suspicious by itself, but users must provide or verify the dependency themselves.

User impact: The skill may not run unless the requests package is already installed, and the package source/version is not pinned by these artifacts.
Recommendation: Install requests from a trusted package index and, for stricter environments, pin a known-good version.

Rogue Agents
Severity: Info | Confidence: High | Status: Note
SKILL.md
Run the script directly or via a scheduled task (cron).

The skill suggests optional recurring execution. The artifacts do not create a cron job automatically, so this is user-directed and purpose-aligned for monitoring.

User impact: If scheduled, the script would continue making periodic LegiScan API requests until the user disables the schedule.
Recommendation: Only set up cron or another scheduler if ongoing monitoring is desired, and document how to disable it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Set `LEGISCAN_API_KEY` in your environment.

The skill requires a service API key. This is expected for LegiScan access, but users should be aware that it is credentialed API usage and the registry metadata lists no primary credential or required env var.

User impact: The skill will use the user's LegiScan API key to make LegiScan API requests.
Recommendation: Use a LegiScan key intended for this purpose and avoid sharing command output or logs if they might contain credential-related error details.