Skill v0.1.0

ClawScan security

Exa Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Mar 14, 2026, 4:51 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose and commands match (controlling an Exa CLI), but its runtime instructions ask users/agents to fetch and execute remote installers (curl | bash, npx installs) and to set an auth token without specifying provenance, which is disproportionately risky for an instruction-only skill.
Guidance
This skill appears to do what it claims (control Exa via its CLI), but the SKILL.md asks you to download and execute remote installers (via curl|bash and npx). Those commands can run arbitrary code on your machine. Before installing, verify the upstream sources (Melvynx/exa-cli, api2cli, bun.sh): inspect their repositories and installer scripts, confirm HTTPS URLs and signatures if available, and prefer installing in a sandbox/container or on a throwaway environment first. Treat the auth token as sensitive: find out where to obtain it, what scopes it grants, and avoid pasting it into a shared shell history or storing it in plain text. If you cannot review the installer code or confirm the package maintainers, do not run the curl|bash installer on production systems.

Review Dimensions

Purpose & Capability
ok: The name, description, and the listed commands in SKILL.md consistently describe a CLI wrapper for Exa search/answer/context functionality. No unrelated services, credentials, or binaries are requested in the metadata.
Instruction Scope
note: SKILL.md instructs the agent to install and run exa-cli and to set an auth token. The instructions do not ask the agent to read unrelated system files, other credentials, or user data, but they do instruct it to execute installers, link ~/.local/bin into PATH, and use an auth token (sensitive). The doc does not say where the token comes from or what scope it needs.
Install Mechanism
concern: Although there is no formal install spec, the instructions tell the user/agent to run remote installers: `curl -fsSL https://bun.sh/install | bash` (piping a remote script to a shell) and `npx api2cli install Melvynx/exa-cli` / `npx api2cli bundle exa`. These steps download and execute code from external sources at runtime and can run arbitrary code on the host; they increase risk and should be reviewed before they are run.
Credentials
note: The skill metadata requests no environment variables or credentials, which is proportionate. However, runtime instructions require calling `exa-cli auth set "your-token"`, meaning the user must provide a token. The skill doesn't declare how the token is obtained, its required scope, or secure storage recommendations; the token is sensitive and needs justification.
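The Guidance above and the Install Mechanism and Credentials dimensions both come down to the same two habits: never pipe a remote script straight into a shell, and never type a token at the prompt. The script below is an added example written for this page; it is not part of the ClawHub review or of the exa-cli / api2cli / bun.sh projects. It replaces `curl -fsSL https://bun.sh/install | bash` with a download, pin, inspect, then run sequence, and replaces `exa-cli auth set "your-token"` typed interactively with a token read from a mode-0600 file. It assumes POSIX sh with either sha256sum or shasum available; the installer, the tampered copy and the token file in the demo are constructed locally so the example runs offline, and `exa-cli` itself is only invoked by a function that the demo does not call.

```shell
#!/bin/sh
# Added example (not code from the ClawHub review or the exa-cli project).
# Assumes POSIX sh plus sha256sum or shasum. All input files are constructed below.
set -eu

# sha256 of a file; works with GNU coreutils (sha256sum) and BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# fetch_installer URL DEST: save the script to disk instead of piping it into bash.
# --proto '=https' refuses any redirect to http://; -f fails on HTTP error codes.
# (Network call; the offline demo below does not exercise it.)
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_installer FILE EXPECTED_SHA256: 0 if FILE matches the pinned hash, 1 otherwise.
# The pin is the hash of a copy you already read; a changed upstream script then fails closed.
verify_installer() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ] && return 0
    printf 'refusing %s: sha256 %s, expected %s\n' "$1" "$actual" "$2" >&2
    return 1
}

# run_verified FILE EXPECTED_SHA256: execute only after the hash check, with an explicit
# interpreter so no executable bit or PATH lookup is involved.
run_verified() {
    verify_installer "$1" "$2" && sh "$1"
}

# token_file_ok FILE: 0 if FILE is a regular, non-empty file with no group/other permission
# bits (columns 5-10 of `ls -l` are the group and other triplets), 1 otherwise.
token_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# set_token_from_file FILE: pass the token to the CLI without typing it at the prompt, so it
# never lands in shell history. It is still briefly visible in the process list, because the
# command named in SKILL.md only accepts the token as an argument.
set_token_from_file() {
    token_file_ok "$1" || { echo "token file must be a non-empty mode-0600 file" >&2; return 1; }
    exa-cli auth set "$(cat "$1")"
}

# --- offline demo with constructed files ------------------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

GOOD="$WORK/install.sh"          # stands in for the upstream installer you have reviewed
printf '#!/bin/sh\necho "installer ran"\n' > "$GOOD"
PIN=$(sha256_of "$GOOD")         # in real use this is a literal you paste in after review

BAD="$WORK/install-tampered.sh"  # the same script with one extra line, as a changed upstream would be
cp "$GOOD" "$BAD"
echo 'echo "something extra"' >> "$BAD"

TOKEN_FILE="$WORK/exa-token"     # constructed token file, never a real credential
printf 'constructed-token-value\n' > "$TOKEN_FILE"
chmod 600 "$TOKEN_FILE"

# run_verified "$GOOD" "$PIN" runs the installer; run_verified "$BAD" "$PIN" refuses it.
```

The pinned hash only helps if the copy you hashed is the copy you read; fetch once, open the file, record its hash, and reuse that literal on every later install. The same pattern applies to `npx api2cli ...`: pin the package version rather than letting npx resolve "latest" at run time. For the token, keep it in a mode-0600 file outside any repository and pass it through `set_token_from_file` rather than on the command line; if your shell supports it, additionally set HISTCONTROL=ignorespace and prefix the command with a space.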
Persistence & Privilege
note: `always` is false (good). The `api2cli link` step will modify the user's PATH (e.g., adding ~/.local/bin), which is a persistent change to shell configuration. Other than that, the skill does not request elevated permissions or permanent background presence.