Metaso Search V2
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a normal Metaso search/chat connector, but it uses your Metaso API key and sends searches, URLs, and chat prompts to Metaso.
This skill appears safe for its stated purpose if you are comfortable using Metaso as the external search/chat provider. Configure only the required METASO_API_KEY, monitor quota or billing, and avoid using the skill with confidential prompts or private URLs unless Metaso is an approved service for that data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
API calls made through the skill may consume the Metaso account's quota or billing associated with the provided key.
The skill reads a Metaso API key from the environment and uses it as a bearer token for Metaso API requests. This is expected for the stated integration, but it is still credentialed account access.
this.apiKey = process.env.METASO_API_KEY; ... 'Authorization': `Bearer ${this.apiKey}`Use a Metaso API key intended for this integration, store it only in environment/OpenClaw configuration, and rotate or remove it when no longer needed.
Search terms, page URLs, and chat prompts may be visible to Metaso and handled under Metaso's service policies.
The skill sends requested URLs and chat message content to Metaso's hosted API endpoints. This matches the advertised functionality, but user-provided content leaves the local environment.
this.readerUrl = 'https://metaso.cn/api/v1/reader'; ... const body = { url: url }; ... const body = { model: model, messages: messages, scope: scope, format: format, stream: stream, conciseSnippet: conciseSnippet };Avoid sending secrets, private documents, or tokenized/private URLs unless you are comfortable sharing them with Metaso.