Skills
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is a coherent SanctifAI integration, but users should be aware that it can send task details to an external human-in-the-loop service and uses an API token.
Before installing, confirm you want the agent to use SanctifAI for human review tasks. Approve each task’s content and cost, avoid sending secrets or sensitive personal data, and keep any SanctifAI API token secure. This review is based on the provided, truncated SKILL.md excerpt and the absence of code files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could submit work to humans and potentially set task pricing or callbacks as part of normal use.
The skill can create external human tasks and includes pricing and callback parameters. This matches the stated purpose, but users should notice that task creation may have cost and external effects.
create_task ... Optional: target_id, price_cents, metadata, callback_url, idempotency_key.
Use only when the user has approved the specific task details, expected cost, and any callback destination.
Anyone with the token may be able to access the account’s SanctifAI task functions.
The integration requires a SanctifAI API key for authenticated operations. This is expected, but the key grants access to the user's SanctifAI account.
Auth: ?access_token=sk_xxx ... Auth: Authorization: Bearer sk_xxx
Store the API key securely, avoid sharing configs containing it, and rotate it if exposed.
Information placed in tasks may be seen by SanctifAI and human workers, and responses may be delivered to configured callback URLs.
The core workflow sends task content to an external service and human responders, with optional webhook-based responses. This is disclosed and purpose-aligned, but it is a meaningful data boundary.
ask humans questions and get structured responses back ... receive webhooks when humans respond
Do not include secrets or unnecessary personal data in tasks, and verify callback URLs before use.