Facticity.AI Complete Integration
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: facticity-ai Version: 0.1.0 This skill is designed for legitimate integration with the Facticity.AI API, enabling fact-checking, claim extraction, transcription, and link reliability checks. All network requests are directed to the specified `https://api.facticity.ai` endpoint, and the `FACTICITY_API_KEY` is used as expected for authentication. The SKILL.md instructions are clear, focused on API interaction, and do not contain any prompt injection attempts to mislead the agent into performing unauthorized actions, exfiltrating data, or establishing persistence. While the use of `raw` command input could theoretically expose a vulnerability if the Facticity.AI API itself is susceptible to injection, the skill itself merely passes the intended user input and does not exhibit malicious intent or exploit such a vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can send fact-checking requests to the external Facticity.AI API and may consume API credits.
The skill uses raw HTTP requests to implement the integration. This is expected for an API-only skill, but it means the agent constructs network requests directly.
command-tool: http.request command-arg-mode: raw
Use the skill when you intend to call Facticity.AI, and monitor credit usage with the documented credits command.
Anyone able to use the configured skill could make requests against the associated Facticity.AI account.
The skill authenticates requests with the user's Facticity.AI API key. This is expected for the service integration but grants access to the user's API account and credits.
Headers:
- `X-API-KEY: ${FACTICITY_API_KEY}`Keep the API key private, rotate it if exposed, and avoid installing the skill in environments where untrusted users can invoke it.
Private or sensitive text submitted for fact-checking could be transmitted to Facticity.AI.
User-provided claims, text, URLs, and related task data are sent to the external Facticity.AI API. The destination is disclosed and purpose-aligned.
Endpoint: `POST {BASE_URL}/fact-check` ... "query": "<raw command input ...>"Do not submit confidential, regulated, or private content unless you are comfortable sharing it with the provider under its terms and privacy policy.
Users may treat the service's fact-checking results as more authoritative than warranted.
The README uses strong promotional accuracy and quality claims. These may encourage over-reliance on fact-checking outputs even though the artifacts do not substantiate the claim.
98.3% accuracy guaranteed
Treat results as decision support, review cited evidence, and avoid relying on the service as the sole authority for high-stakes claims.