Exa Search (Rust)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Exa web-search skill whose main risks are normal API-key handling and sending searches or URLs to Exa, not hidden or malicious behavior.

Install only if you are comfortable sending search queries and requested URLs to Exa. Use a revocable EXA_API_KEY, keep the workspace .env file private, avoid pasting command transcripts that include environment values, and verify the actual installed skill path before invoking it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The documentation instructs the agent to extract the Exa API key directly from the user's local ~/.openclaw/workspace/.env file at execution time. Reading secrets from a general local credential store expands the skill's access to sensitive material and normalizes secret-handling patterns that can expose credentials through logs, shell history, subprocess inspection, or accidental reuse.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The helper sections explicitly promote exporting a credential from a local .env file and reusing it across workflows. This increases the blast radius of a single secret by encouraging wider shell-session exposure and raises the risk of accidental disclosure via environment dumps, debugging output, inherited child processes, or copied command transcripts.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill sends user queries and supplied URLs to an external third-party search provider, but the documentation does not warn that potentially sensitive prompts, targets, or fetched content will leave the local environment. In an agent setting, that omission can cause unintentional exfiltration of private research topics, internal URLs, or other confidential data to an outside service.

VirusTotal

66/66 vendors flagged this skill as clean.
