Grokipedia

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: grokipedia
Version: 1.2.0

The skill bundle is designed to search and fetch articles from grokipedia.com, aligning with its stated purpose. Code analysis of `scripts/fetch.mjs` and `scripts/search.mjs` shows proper input validation (e.g., `slug` and `query` sanitization, length limits) and safe URL construction using `encodeURIComponent` or `URL.searchParams.set`. All network requests are explicitly directed to `grokipedia.com`. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md`. Dependencies are standard for HTML parsing. The `--raw` HTML output option in `fetch.mjs` is a feature, and while it could pose an XSS risk if rendered unsafely by the consuming agent, this is a vulnerability in the consumer, not the skill itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search terms and article lookups may be visible to Grokipedia, but no credentials or local files are involved.

Why it was flagged

The skill discloses external network calls, and the included scripts use Grokipedia URLs for search and article fetching. This is purpose-aligned, but users should know queries are sent to that site.

Skill content

**Network access:** Fetches from `grokipedia.com` only (search API + article pages)

Recommendation

Use it for public information lookups and avoid submitting sensitive private queries unless you are comfortable sending them to Grokipedia.

What this means

Installing the skill will fetch dependency code into the skill directory, so the effective codebase includes packages beyond the reviewed scripts.

Why it was flagged

The skill installs third-party packages with semver ranges. That is normal for this parser, but it means installed dependency versions may vary, and the registry metadata under-declares the install/runtime requirements.

Skill content

"install": "bun install --production" ... "dependencies": { "jsdom": "^24.0.0", "@mozilla/readability": "^0.5.0" }

Recommendation

Install from a trusted package source and consider using a lockfile or pinned dependency versions if you need reproducible installs.