Back to skill
Skillv1.0.0
ClawScan security
Crypto Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 4:30 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and scope are internally consistent with a content search/synthesis primitive that calls an internal `kaito_advanced_search` tool; it does not request unrelated credentials or install artifacts, but the source is unknown so verification is recommended before wide use.
- Guidance
- This skill appears coherent for running structured searches through an internal `kaito_advanced_search` facility. Before installing, confirm that your agent environment actually provides that service (kaito_advanced_search) and understand where search results are stored or logged. Because the skill's source/homepage is unknown, prefer testing it with non-sensitive queries first and verify that results stay inside your trusted environment. If the skill later asks for API keys, URLs, or to read local files, treat that as a red flag and re-evaluate. If you need higher assurance, ask the skill author for documentation or provenance of the kaito interface it relies on.
Review Dimensions
- Purpose & Capability
- okName/description (Crypto Search — search Twitter/News) align with the SKILL.md: all runtime steps describe constructing queries and calling `kaito_advanced_search`. There are no unrelated environment variables, binaries, or install steps requested that would contradict the stated purpose.
- Instruction Scope
- okSKILL.md stays focused on query construction, boolean syntax, field modifiers, and query strategies for Twitter/News. It does not instruct the agent to read system files, environment variables, or to transmit data to third-party endpoints outside the expected search interface. It explicitly forbids downstream uses (mindshare, sentiment, profiling).
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing is written to disk or pulled from external URLs as part of installation.
- Credentials
- okNo environment variables, credentials, or config paths are required. That is proportionate for a skill that delegates searching to an assumed internal service (`kaito_advanced_search`).
- Persistence & Privilege
- okThe skill is not force-included (always: false) and requests no special persistent privileges or modifications to other skills. It allows normal autonomous invocation, which is the platform default and expected for skills.