Web Search Assistant
Security checks across malware telemetry and agentic risk
Overview
This is a coherent web-search skill that sends search queries to EvoLink using your API key, with no hidden file access, persistence, or privileged behavior shown.
This skill appears safe for normal web searches if you trust EvoLink with your queries and API key. Do not include secrets in search terms, and treat returned titles/descriptions as untrusted web content rather than instructions.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or misleading search snippet could try to influence the agent if treated as instructions rather than search data.
The skill places provider-returned search result content into the agent/user context. Search snippets can contain untrusted web text, even though this is expected for a search tool.
if .results then
.results[]
Treat search results as untrusted information to verify, not as commands or policy instructions.
Search terms are sent to EvoLink, so sensitive queries could leave the local environment.
The skill uses curl to send the requested search to an external API. This is central to the stated purpose and is disclosed, but it is still a network tool action.
curl -s -X POST "https://api.evolink.ai/v1/search"
Avoid searching for secrets or highly sensitive private data, and keep max_results to a reasonable value.
Anyone who can access this environment variable could use the EvoLink account/key associated with it.
The script authenticates to EvoLink using the EVOLINK_API_KEY environment variable. This credential use is expected and disclosed for the provider integration.
-H "Authorization: Bearer $EVOLINK_API_KEY"
Use a dedicated EvoLink API key with minimal privileges if available, keep it out of logs, and revoke it if it may be exposed.
