Unified Web Search (Iyeque)

Pass. Audited by VirusTotal on May 14, 2026.

Findings (1)

The skill bundle is benign. Both the `SKILL.md` documentation and the `index.js` implementation demonstrate a strong focus on security, explicitly addressing command injection and path traversal risks. The `sanitizeQuery` function in `index.js` effectively removes quotes and blocks shell metacharacters, and the `execSync` call for Tavily search correctly wraps the sanitized query in double quotes. Local file searches are strictly confined to specific subdirectories within the OpenClaw workspace, with additional path resolution checks to prevent traversal. There is no evidence of malicious intent, data exfiltration, persistence, or prompt injection attempts against the agent.