Exa Personal Site Search
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill is a coherent Exa search helper with disclosed external CLI/API use and no evidence of hidden persistence, credential theft, destructive actions, or unrelated data access.
Before installing, make sure `exa.js` is installed from a trusted Exa source and only search for names, affiliations, or context you are comfortable sending to an external search service. Review any `.agents/product-marketing-context.md` or `.claude/product-marketing-context.md` file first, since the skill tells the agent to read it if present.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.