Exa
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misunderstands a request or follows an unsafe prompt, it could make unintended changes through the user's Exa connection.
This exposes a raw authenticated API escape hatch, including mutation and deletion methods, without clear restrictions or confirmation requirements.
When the available actions don't cover your use case, you can send requests directly to the Exa API through Membrane's proxy... Common options: ... HTTP method (GET, POST, PUT, PATCH, DELETE).
Use listed Membrane actions where possible, restrict raw proxy use to specific user-approved endpoints, and require explicit confirmation before POST, PUT, PATCH, or DELETE requests.
Installing and using the skill may grant the agent delegated access to Exa through Membrane until that connection is revoked or expires.
The skill clearly relies on delegated Membrane/Exa authentication and ongoing credential refresh, which is expected for this integration but sensitive.
Membrane handles authentication and credentials refresh automatically... The user completes authentication in the browser... injects the correct authentication headers — including transparent credential refresh if they expire.
Connect only the intended Exa account, prefer least-privilege access where available, and revoke the Membrane/Exa connection when it is no longer needed.
The behavior of the Membrane CLI could differ depending on what version npm installs at setup time.
The setup uses a global npm install with the moving @latest tag. This is central to the skill's purpose, but it means the installed code may change over time.
npm install -g @membranehq/cli@latest
Install from a trusted environment, verify the package source, and consider pinning a reviewed CLI version instead of using @latest.
