Back to skill
Skillv1.2.3
ClawScan security
NanoGPT Web Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 22, 2026, 8:41 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, runtime instructions, and required API key/binaries are consistent with a web-search client that calls nano-gpt.com; there are no obvious mismatches or hidden behaviors in the provided code.
- Guidance
- This skill is internally consistent: it sends your queries and the NANOGPT_API_KEY to https://nano-gpt.com/api/web as expected. Before installing, verify you trust nano-gpt.com (privacy, retention, and billing policies) and that the API key you provide has appropriate scope/limits. If you plan to send sensitive queries, consider not using third-party search APIs or review their data-handling terms. Also confirm any costs noted for providers and monitor usage to avoid unexpected charges.
Review Dimensions
- Purpose & Capability
- okName and description (NanoGPT Web Search) align with the code and SKILL.md: scripts and Python wrapper call https://nano-gpt.com/api/web, require python3/curl/requests and an API key (NANOGPT_API_KEY). Required binaries and env var are appropriate for the stated purpose.
- Instruction Scope
- okSKILL.md instructs installing requests, setting NANOGPT_API_KEY, and using the provided CLI/Python API. The included scripts only build a JSON payload, call the declared API endpoint, and format results; they do not read unrelated files, scan system state, or transmit data to additional endpoints.
- Install Mechanism
- okNo install spec — the skill is instruction/code-only. There are no downloads or extract steps. The only third-party dependency is the widely used 'requests' Python package, which the SKILL.md instructs to pip-install.
- Credentials
- okOnly a single credential (NANOGPT_API_KEY) is required and used as an 'x-api-key' header to the declared API. No unrelated secrets, config paths, or additional environment variables are requested.
- Persistence & Privilege
- okNo elevated persistence requested: always is false, the skill doesn't modify other skills or system-wide settings, and it does not attempt to store credentials locally or enable itself automatically.