Jina AI - Web Reader, Search and Deep Search

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill

Name: jina-ai

Version: 1.0.6

The OpenClaw skill bundle for Jina AI is benign. All scripts (`.sh` and `.py`) are well-contained, interacting solely with specified Jina AI API endpoints (`r.jina.ai`, `s.jina.ai`, `deepsearch.jina.ai`). Crucially, the shell scripts (`jina-deepsearch.sh`, `jina-reader.sh`, `jina-search.sh`) implement robust input sanitization using `python3` to URL-encode or JSON-encode user-provided arguments, effectively preventing shell injection vulnerabilities. The Python script (`jina-reader.py`) uses `urllib.request` safely. The `SKILL.md` and `README.md` are transparent about data handling and external calls, and contain no prompt injection attempts or instructions for malicious behavior. No evidence of data exfiltration, persistence, or unauthorized actions was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive URLs and questions could be disclosed to Jina if used with this skill.

Why it was flagged

The skill explicitly sends user-provided URLs, search queries, and research questions to an external provider. This is core to the stated function, but users should treat it as data sharing with Jina.

Skill content

By using this skill, URLs and queries are transmitted to Jina AI (jina.ai). Only install if you trust Jina with your data.

Recommendation

Use this skill only for content you are comfortable sending to Jina, and avoid sensitive internal URLs or confidential research prompts unless Jina is an approved provider.

What this means

If the key is exposed through a shared shell profile, logs, or a committed dotfile, someone else could use the user's Jina account quota or access.

Why it was flagged

The skill requires a Jina API key and suggests storing it persistently in a shell profile. This is expected for the integration, but the key may grant account/API usage and should be protected.

Skill content

export JINA_API_KEY="your-api-key"

Add to your shell profile (`~/.bashrc`, `~/.zshrc`, etc.) for persistence.

Recommendation

Keep the API key out of repositories and shared profiles, use a limited-scope key if Jina supports it, and rotate the key if it may have been exposed.

What this means

The agent may send a URL or query to Jina during a task if it decides the skill is useful.

Why it was flagged

The skill can be called by the agent as part of normal reasoning rather than only through direct manual invocation. This is disclosed and scoped to Jina web read/search actions.

Skill content

This skill may be invoked autonomously by the model without explicit user trigger

Recommendation

Disable model invocation in skill settings if you want manual-only use, especially when working with sensitive topics or URLs.

What this means

The skill may fail or require ad hoc setup on systems without curl or python3.

Why it was flagged

The script depends on python3 and curl, while the registry requirements list no required binaries. This is an under-declared runtime dependency, not evidence of malicious behavior.

Skill content

SAFE_URL=$(printf '%s' "$URL" | python3 -c ...)

response=$(curl -s -w "\n%{http_code}" "https://r.jina.ai/${SAFE_URL}"

Recommendation

Declare curl and python3 as runtime requirements, or document that users should use the Python reader variant where appropriate.