Wolfram Alpha
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward Wolfram Alpha integration that sends the user's query and Wolfram App ID to Wolfram's API.
This skill looks safe for its stated purpose. Before using it, provide a Wolfram App ID through the environment and avoid sending sensitive private data in queries unless you are comfortable sharing that data with Wolfram.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill uses your Wolfram API credential to make queries on your behalf, which may count against your Wolfram account usage or quota.
The skill reads a Wolfram App ID from the environment and includes it in requests to the Wolfram|Alpha API. This is expected for the stated integration and is not evidence of misuse.
app_id = os.getenv('WOLFRAM_APP_ID') ... params = { "input": query, "appid": app_id }Use a dedicated Wolfram App ID if possible, keep it in an environment variable, and rotate it if it is exposed.
Anything included in a query may be sent to Wolfram's service.
The script sends the user's query to an external Wolfram|Alpha endpoint. This matches the skill purpose and is disclosed, but it is still an external data flow.
url = "https://www.wolframalpha.com/api/v1/llm-api" ... response = requests.get(url, params=params)
Do not include private, confidential, or regulated information in Wolfram queries unless that use is acceptable under your data-sharing requirements.