Oracle
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill is transparent about using an external Oracle CLI to send selected project files to another model, with disclosed but important risks around package trust, account/API use, remote browser automation, and stored sessions.
This skill appears coherent and purpose-aligned. Before using it, verify the @steipete/oracle package, preview exactly which files will be sent, exclude secrets and private data, confirm API-mode cost consent, secure any remote browser host, and delete stored sessions that contain sensitive project context.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the command gives the external CLI normal local process access for the selected workflow.
The documented workflow executes an external npm package on demand, and the command does not pin a package version. This is purpose-aligned, but users are trusting the referenced CLI package.
npx -y @steipete/oracle --help
Verify the npm package identity and publisher before use; consider pinning a known version such as @steipete/oracle@<version>.
Project files, prompts, errors, and other attached context may be uploaded to third-party model providers.
The core workflow sends selected local files and prompts to an external model through API or browser automation. This is disclosed and central to the purpose, but it crosses a data boundary.
Oracle bundles your prompt + selected files into one “one-shot” request so another model can answer with real repo context (API or browser automation).
Use dry-run and files-report first, attach only necessary files, and exclude or redact secrets, private customer data, credentials, and proprietary material that should not leave your environment.
If API mode is used, requests may be billed to the user's provider account.
The skill may use a local OpenAI API key when present, but it discloses this behavior and requires explicit consent for cost-incurring API runs.
Auto-pick: uses `api` when `OPENAI_API_KEY` is set, otherwise `browser`. ... API runs require explicit user consent before starting because they incur usage costs.
Confirm which engine will be used before running, require explicit approval for API mode, and use a scoped or dedicated API key where possible.
If misconfigured or exposed, a remote browser host could allow unintended access to browser automation tied to a signed-in account.
The optional remote browser mode can expose a browser automation service on all network interfaces, protected by a token. It is disclosed and optional, but it involves a signed-in machine and network-reachable control path.
Remote browser host (signed-in machine runs automation): Host: `oracle serve --host 0.0.0.0 --port 9473 --token <secret>`
Use remote browser hosting only when needed, bind to a trusted interface when possible, use a strong unique token, restrict network access, and stop the service after use.
Sensitive prompts, file summaries, or review outputs could remain on disk in Oracle session storage.
The workflow stores sessions locally for later reattachment and rendering. This is useful and disclosed, but stored prompts or review context may persist after the task.
Stored under `~/.oracle/sessions` (override with `ORACLE_HOME_DIR`). ... Attach: `oracle session <id> --render`
Avoid including secrets in prompts or attachments, set ORACLE_HOME_DIR to an appropriate location if needed, and clean up old sessions that contain sensitive context.
