Kimi Search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a straightforward Moonshot Kimi web-search wrapper, but it uses your Moonshot API key, sends queries to Moonshot, and may incur API/search charges.
This looks suitable if you want an OpenClaw skill that searches the web through Moonshot Kimi. Before installing, make sure you trust Moonshot with your search queries, protect the API key, understand the per-search and token costs, and install the Python dependency from a trusted environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Use of this skill can consume the user's Moonshot quota or balance through the configured API key.
The skill requires a Moonshot API key, which gives the skill delegated access to the user's Moonshot account for API calls.
需要配置 MOONSHOT_API_KEY
Use a dedicated Moonshot API key if available, monitor usage, and avoid sharing the configured key.
Search terms and any sensitive information included in the query are transmitted to Moonshot for processing.
The code sends the user's search query to Moonshot's external API endpoint.
base_url="https://api.moonshot.cn/v1"
Do not include secrets, private documents, or sensitive personal data in search queries unless you are comfortable sending them to Moonshot.
A single invocation could involve more than one web-search/tool-call round, potentially increasing latency and API cost.
The script continues model-requested tool-call rounds until the model stops, and the skill documentation notes that each search can add cost.
while finish_reason is None or finish_reason == "tool_calls":
Use the skill for queries where real-time web search is needed, and monitor Moonshot usage or billing.
The installed dependency version may vary over time, which can affect behavior or compatibility.
The setup instructions require installing the Python openai package without a pinned version.
pip3 install openai
Install dependencies from trusted package sources, preferably in a virtual environment, and consider pinning a known-good openai package version.