Querit Search

Advisory: Audited by static analysis on May 10, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note: High Confidence
ASI01: Agent Goal Hijack
What this means

A malicious or misleading web page could include text that tries to influence the agent if the agent treats page content as instructions.

Why it was flagged

The skill outputs search snippets and, with --content, fetched web page markdown into the agent's context. That is expected for a search tool, but web content is untrusted and may contain prompt-injection text.

Skill content
console.log(formatResults(items)); ... if (args.content) { ... const md = await fetchContent(item.url); console.log(md); }
Recommendation

Treat search results and fetched page content as reference material only; verify important claims and do not follow instructions found inside retrieved pages unless the user requested them.

What this means

Anyone who obtains the API key could use the user's Querit quota or account access for this service.

Why it was flagged

The skill reads the user's Querit API key from the environment and sends it as a Bearer token to the Querit API. This is disclosed and necessary for the service.

Skill content
const apiKey = process.env.QUERIT_API_KEY; ... Authorization: `Bearer ${apiKey}`
Recommendation

Store QUERIT_API_KEY securely, avoid committing it to files or repositories, and rotate it if it may have been exposed.

What this means

A compromised upstream repository or dependency could affect what gets installed, even though the reviewed local files do not show malicious behavior.

Why it was flagged

The installer downloads files from a mutable GitHub branch and installs npm dependencies. This is a normal setup pattern, but it depends on the integrity of that repository and npm packages.

Skill content
REPO_BASE="https://raw.githubusercontent.com/interskh/querit-search/main" ... npm ci --production --silent 2>/dev/null || npm install --production --silent
Recommendation

Prefer installing reviewed/pinned artifacts when possible, verify the source repository, and use the included lockfile or registry-managed install path if available.

What this means

Private or sensitive terms included in searches may be sent to Querit.ai, and optional content extraction may fetch selected result URLs from the user's environment.

Why it was flagged

Search queries and filters are sent to the external Querit.ai API. This is the core disclosed function of the skill, but it is still an external data flow.

Skill content
const API_URL = "https://api.querit.ai/v1/search"; ... body: JSON.stringify(payload)
Recommendation

Avoid putting secrets, private personal data, or confidential business information into search queries unless you are comfortable sharing them with the provider.