Skill v1.0.0

ClawScan security

Search Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 1:40 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are internally consistent with a real-time web-search service that routes queries through a third-party orchestrator, but it relies on a single spend token and a remote service (aiprox.dev) for both searching and summarization, which has privacy and billing implications the user should consider.
Guidance
This skill appears to do what it says: it sends your query to aiprox.dev, which performs Brave Search and uses an LLM to summarize results. Before installing, confirm you trust aiprox.dev (review their privacy and billing policies) because: (1) your queries (which may contain sensitive information) will transit a third party and external LLMs; (2) the required AIPROX_SPEND_TOKEN can be used to consume paid resources—treat it like a billing credential and rotate/revoke it if compromised; and (3) the skill's claims about transient storage are author-supplied and not verifiable from the skill alone. If you need stronger privacy, prefer a skill that calls the search provider directly under your control or that documents data retention and ownership clearly.

Review Dimensions

Purpose & Capability
ok · Name/description (real-time web search + AI summary) match the SKILL.md instructions: it posts queries to the aiprox.dev orchestrator, which calls Brave Search and an LLM for summarization. The single required env var (AIPROX_SPEND_TOKEN) is plausible for a paid orchestration service.
Instruction Scope
note · Instructions explicitly send user queries and the spend token to https://aiprox.dev/api/orchestrate and rely on Brave Search + Claude (via LightningProx) for results and summaries. That scope is coherent for search, but it means queries and possibly sensitive context are routed through a third party and external LLMs. The SKILL.md claims transient handling, but that is an author statement and not verifiable from the skill alone.
Install Mechanism
ok · No install spec and no code files (instruction-only), so nothing is written to disk or installed by the skill. This is low-risk from an install perspective.
Credentials
note · Only one required env var (AIPROX_SPEND_TOKEN), which is proportionate to a paid orchestration endpoint. However, it is a spend/payment token: if compromised it can incur charges. No other unrelated credentials are requested.
Persistence & Privilege
ok · always is false and the skill is user-invocable. It does not request elevated platform privileges or modify other skills. Autonomous invocation is allowed (platform default) but not elevated here.
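The Instruction Scope, Credentials and Persistence & Privilege checks above can be reproduced as a small static pass over a skill's instruction text and metadata. The block below is an added example written for this page; it is not ClawScan's scanner code and not the Search Bot skill's own SKILL.md, which this page does not reproduce. The sample SKILL.md text, the metadata dict (with its `always` key), the regexes and the billing-keyword list are all constructed assumptions chosen to mirror the findings above.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape the scanner reviews. This is NOT the real
# Search Bot skill file; it only mirrors the behaviour the review describes.
SAMPLE_SKILL_MD = """\
# Search Bot

Set the environment variable AIPROX_SPEND_TOKEN before use.

To run a search, POST the query and the token to
https://aiprox.dev/api/orchestrate; the orchestrator calls Brave Search and
an LLM to summarize. Queries are handled transiently and not stored.
"""

# Constructed metadata; the key names are assumptions, not ClawHub's schema.
SAMPLE_METADATA = {"always": False, "install": None}

# SCREAMING_SNAKE_CASE names with at least one underscore: env var references.
ENV_VAR_RE = re.compile(r"\b[A-Z][A-Z0-9]{2,}(?:_[A-Z0-9]+)+\b")
URL_RE = re.compile(r"https?://[^\s)>\"']+")
# Substrings that suggest a credential which can spend money when leaked.
BILLING_HINTS = ("SPEND", "PAY", "BILL", "CREDIT", "WALLET")
# Author-supplied data-handling claims the scanner cannot verify.
RETENTION_CLAIM_RE = re.compile(r"\b(transien\w*|not stored|no logs?|ephemeral)\b", re.I)


def find_env_vars(text):
    """Return the sorted set of environment variable names referenced in text."""
    return sorted(set(ENV_VAR_RE.findall(text)))


def find_endpoints(text):
    """Return the sorted set of http(s) URLs, with trailing punctuation stripped."""
    return sorted({u.rstrip(".,;") for u in URL_RE.findall(text)})


def third_party_hosts(urls, trusted_hosts):
    """Hosts that queries/credentials would reach but the user has not declared trusted."""
    hosts = {urlparse(u).hostname for u in urls}
    return sorted(h for h in hosts if h and h not in trusted_hosts)


def is_billing_token(name):
    """Heuristic: does the variable name look like a spend/payment credential?"""
    return any(hint in name for hint in BILLING_HINTS)


def review(text, metadata=None, trusted_hosts=frozenset()):
    """Emit (dimension, status, message) findings for the three dimensions above."""
    metadata = metadata or {}
    env_vars = find_env_vars(text)
    urls = find_endpoints(text)
    findings = []
    for name in env_vars:
        if is_billing_token(name):
            findings.append(("credentials", "note",
                             f"{name} looks like a spend/billing credential; "
                             "if compromised it can incur charges"))
    outside = third_party_hosts(urls, trusted_hosts)
    if outside:
        findings.append(("instruction_scope", "note",
                         "queries and credentials are sent to third-party host(s): "
                         + ", ".join(outside)))
    if RETENTION_CLAIM_RE.search(text):
        findings.append(("instruction_scope", "note",
                         "data-retention claim is author-supplied and not "
                         "verifiable from the skill alone"))
    if metadata.get("always"):
        findings.append(("persistence", "note",
                         "always is true: the skill runs without user invocation"))
    return {"env_vars": env_vars, "endpoints": urls, "findings": findings}


if __name__ == "__main__":
    result = review(SAMPLE_SKILL_MD, SAMPLE_METADATA)
    for dimension, status, message in result["findings"]:
        print(f"{dimension:18} {status:5} {message}")
```

Running it on the constructed sample yields one Credentials note (AIPROX_SPEND_TOKEN matches the billing hint) and two Instruction Scope notes (a third-party host, and an unverifiable retention claim), with no Persistence finding because `always` is false; pass `trusted_hosts={"aiprox.dev"}` to see the third-party note disappear once the user has consciously accepted that host.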