Aiseact
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may apply AISEACT's source-ranking and filtering methodology to ordinary web searches even when you did not ask for it.
This registry description instructs the agent to apply the skill broadly and regardless of user initiation, which conflicts with the SKILL.md claim that use is optional and user-controlled.
Description: AI Search Enhancement and Cross-verification Tool. ALWAYS USE when performing ANY web search, regardless of who initiated it - whether user explicitly asks,...
Remove the ALWAYS USE language from registry metadata and align invocation with explicit user requests or a clearly enabled opt-in mode; ensure skip/override commands are honored.
A user may believe the automatic-use problem was fixed when the registry description still encourages broad automatic use.
The provided registry metadata still contains 'ALWAYS USE' language, so this safety claim appears outdated or inaccurate.
Risk 3: Metadata/Configuration Mismatch ... Fixed ✅ ... "ALWAYS USE" replaced with explicit user request patterns
Update SECURITY.md and registry metadata together so the documented safety posture matches the actual published skill metadata.
Search results may be narrowed or weighted according to the skill's source-rating framework.
The skill intentionally instructs the agent to filter or avoid certain source categories. This is purpose-aligned for a search-quality skill, but it can affect which information the user sees.
Phase 1: Broad - multiple keywords, filter P4 ... ## Avoid - Content farms: Baijiahao, Toutiao - Political propaganda: Guancha, Epoch Times - Biased: Breitbart, InfoWars
Use the documented overrides such as 'Skip AISEACT,' 'Include [source],' or 'Show all sources' when you want unfiltered or alternative-source results.
It is harder to verify that the published skill matches the maintainer's intended version.
The registry does not identify a source or homepage, even though SECURITY.md refers users to an 'official repository.' Because the skill is instruction-only with no install spec or code, this is a provenance note rather than a high-risk supply-chain concern.
Source: unknown; Homepage: none
Before relying on it, review the installed files and confirm the publisher/source through a trusted channel.