Exa Tool
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: exa-tool Version: 1.0.0 The OpenClaw Exa MCP skill bundle appears benign. It acts as a wrapper for the legitimate Exa MCP API, requiring an `EXA_API_KEY` which is handled via environment variables or OpenClaw configuration. The `bin/exa-web-search.mjs` script makes HTTPS requests solely to `https://mcp.exa.ai/mcp` and processes JSON input/output. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution (e.g., shell injection, `eval` of untrusted input), persistence mechanisms, or prompt injection attempts within `SKILL.md` or `README.md` to manipulate an AI agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with access to this skill could initiate different Exa research actions, such as crawling, people search, company research, or deep research, depending on allowed usage.
The skill documents a generic wrapper for any Exa MCP tool, which is broader than only web search. This is disclosed and aligned with the research purpose, but users should notice the broad tool surface.
`exa-search <tool> '{"json":"args"}'` - Generic wrapper for any Exa MCP toolAllow the skill only for agents that need broad external research capability, and prefer the narrower web-search wrapper when that is sufficient.
If the API key is exposed or misused, someone could consume Exa quota or access the Exa account permissions associated with that key.
The wrapper requires an Exa API key and uses it as a bearer token for Exa requests. This is expected for the integration, and the artifacts do not show hardcoding or logging of the key.
const token = process.env.EXA_API_KEY; ... 'Authorization': `Bearer ${token}`Store the key securely, avoid pasting it into prompts or logs, monitor Exa usage, and rotate the key if it may have been exposed.
The documented commands may fail, or a user may be tempted to fetch missing helper files from outside the reviewed artifact set.
The package declares command paths that are not present as exact files in the provided manifest, which includes bin/exa-web-search.mjs but not bin/exa-search or bin/exa-web-search.
"bin": { "exa-search": "./bin/exa-search", "exa-web-search": "./bin/exa-web-search" }Verify the installed package includes the expected executable files, or update the package metadata and documentation to match the included script names.
An agent may summarize or reason over untrusted web text; if not handled carefully, page content could be mistaken for user or system instructions.
The tool can return external webpage content into an agent session. Web content is untrusted and could contain text that attempts to influence the agent.
`crawling_exa` | Get full content of a specific webpage from a known URL
Treat search and crawl results as untrusted reference material, and instruct agents not to follow instructions found inside returned web pages.
Search terms, crawl targets, and related request details are shared with Exa and may be subject to Exa account limits and policies.
The wrapper sends the user-provided search arguments and authorization header to Exa's external MCP endpoint. This external provider flow is disclosed and purpose-aligned.
https.request('https://mcp.exa.ai/mcp', options, ...); ... req.write(JSON.stringify(payload));Avoid sending confidential queries or private URLs unless you are comfortable sharing them with Exa under your account terms.