grok-search

The OpenClaw AgentSkills skill bundle for 'grok-search' is benign. The scripts (`chat.mjs`, `grok_search.mjs`, `models.mjs`) legitimately access the `XAI_API_KEY` from environment variables or `~/.clawdbot/clawdbot.json` to authenticate with the official xAI API (api.x.ai). File system access is limited to reading this configuration and user-specified image files for vision chat, which is directly aligned with the skill's stated purpose. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution of arbitrary commands, persistence mechanisms, or prompt injection attempts against the OpenClaw agent in `SKILL.md`.