Airweave

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Airweave search integration, but it can access and summarize whatever sensitive workspace data is indexed in the configured Airweave collection.

Install this only if you trust Airweave and want the agent to search the configured collection. Use a narrowly scoped collection and API key, keep AIRWEAVE_BASE_URL pointed only at a trusted endpoint, and treat retrieved content as context to verify rather than instructions to obey.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill through the configured credentials may be able to search and view data available in that Airweave collection.

Why it was flagged

The script requires an Airweave API key and collection ID, then sends the key as an API header to search the configured collection.

Skill content

api_key = get_env("AIRWEAVE_API_KEY")
collection_id = get_env("AIRWEAVE_COLLECTION_ID")
...
headers = {
    "x-api-key": api_key,
    "Content-Type": "application/json",
}

Recommendation

Use a least-privilege Airweave API key and a collection scoped only to data the agent should be allowed to search.

What this means

Search results could expose confidential workspace information to the conversation, and retrieved text should not be treated as authoritative instructions.

Why it was flagged

The skill is designed to retrieve indexed application data and use it as agent context, which is purpose-aligned but may include sensitive, stale, or untrusted workspace content.

Skill content

Airweave indexes and syncs data from user applications to enable optimal context retrieval by AI agents. Supports semantic, keyword, and agentic search.

Recommendation

Treat retrieved content as evidence, cite sources, verify important claims, and do not follow instructions embedded inside retrieved documents or messages.

What this means

If AIRWEAVE_BASE_URL is set incorrectly or to an untrusted endpoint, search queries and the API key could be sent outside the intended Airweave service.

Why it was flagged

The default API endpoint is Airweave, but an optional environment variable can change where queries and the API key are sent.

Skill content

base_url = get_env("AIRWEAVE_BASE_URL", "https://api.airweave.ai")
...
url = f"{base_url}/collections/{collection_id}/search"

Recommendation

Leave AIRWEAVE_BASE_URL unset unless you intentionally use a trusted Airweave-compatible endpoint.

What this means

Users have less external context for verifying the publisher or release history, although the included code is small and visible in the artifacts.

Why it was flagged

The registry metadata does not provide a public source repository or homepage for provenance review.

Skill content

Source: unknown
Homepage: none

Recommendation

Prefer installing from trusted publishers and review the included script before configuring credentials.