jina-deepsearch
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill appears purpose-aligned: it uses curl and an AIHubMix API key to send search prompts to Jina DeepSearch, so users should be aware their queries and key are used with that external service.
This skill is reasonable for direct Jina DeepSearch access through AIHubMix. Before installing or using it, make sure you are comfortable sending your search queries to AIHubMix/Jina and using your AIHubMix API key from the environment. Prefer a limited-purpose API key and avoid putting sensitive secrets into search prompts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume quota or incur charges on the user's AIHubMix account depending on the service terms.
The skill requires an AIHubMix API key, which is expected for this API integration but gives the skill access to make authenticated requests under the user's account.
requires": { "env": ["AIHUBMIX_API_KEY"], "bins": ["curl"] }Use a service-specific key with the minimum needed permissions or spending limits, and avoid exposing the key in shared logs or transcripts.
Search prompts or other text included in the request will be transmitted to AIHubMix and processed by the external DeepSearch service.
The documented workflow sends user-provided query text to an external AIHubMix API endpoint. This is disclosed and purpose-aligned, but users should understand the data leaves their environment.
curl https://aihubmix.com/v1/chat/completions ... "messages": [{"role": "user", "content": "Your search query"}]Do not include secrets or sensitive private data in queries unless the external service's privacy and retention terms are acceptable.