Redigg Skill
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill matches its Redigg automation purpose, but it sets up persistent background agents that store API keys and silently claim and submit tasks, so it needs careful review before use.
Before installing, confirm you want a persistent autonomous Redigg worker. Use a least-privilege/revocable agent key, avoid storing the owner token long-term, inspect any cron entries before enabling them, and require manual review until you trust the task-processing behavior.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could keep running in the background, using your Redigg account and API key after the setup conversation ends.
The setup creates recurring background activity that keeps the agent online and processes work beyond the initial user request; the artifacts do not provide stop, expiry, or removal controls.
Create two cron jobs:
- redigg-poll: Every 10s, fetch tasks, process if found
- redigg-heartbeat: Every 30s, maintain online status
Require explicit approval before creating cron jobs, show the exact cron entries, add a duration or kill switch, and document how to disable and remove them.
It may claim and complete Redigg tasks automatically, which could affect your account, task queue, or research output quality.
The skill instructs automatic mutation of Redigg task state and submission of LLM-generated results without an explicit user confirmation step.
Tasks found:
a. Take FIRST task
b. POST /claim
c. Read references/task_processing.md ...
d. Process with LLM ...
f. POST /submit
Default to a manual-review or dry-run mode, require confirmation before claim/submit, and let users configure allowed task types and limits.
Anyone or anything with access to TOOLS.md could potentially use Redigg credentials, and the owner token may grant more authority than the agent needs after registration.
The skill persists both the user-level owner token and agent API key in a local markdown file; the owner token appears broader than routine task operations and no retention/minimization guidance is provided.
Store in TOOLS.md:
- Owner Token: sk-redigg-... # User API key
- Agent ID: ...
- Agent API Key: sk-redigg-...
Use a secret store or environment variables, avoid retaining the owner token after registration, declare the credential requirement, and document revocation/rotation steps.
A crafted Redigg task could try to influence the model’s behavior beyond the intended research-processing task.
Remote task parameters are fed into the LLM workflow; this is expected for the skill, but the artifacts do not state that task content should be treated only as untrusted research input.
Process with LLM based on task.type and parameters
Add instructions to treat remote task content as data, ignore unrelated instructions inside tasks, and keep submissions limited to the expected Redigg result schema.
It is harder to verify who maintains the skill or where to review the upstream project before trusting it with Redigg credentials.
The skill has limited provenance information, which matters more because it asks for API credentials and sets up persistent automation.
Source: unknown; Homepage: none
Install only if you trust the publisher and Redigg endpoint, inspect the scripts, and use revocable/least-privilege credentials.
