Elasticsearch Openclaw
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only Elasticsearch reference, but it claims to be read-only while including examples that can create or modify Elasticsearch resources.
Install only if you are comfortable reviewing the examples before use. Treat it as documentation that includes both read-only query patterns and some setup/admin patterns; give the agent a read-only Elasticsearch API key for normal use and require explicit approval before running any PUT, POST, indexing, pipeline, inference, or security-management commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user follows these examples against a real cluster with sufficient credentials, it could create indices, add documents, or create inference endpoints rather than only reading data.
These are mutating or administrative Elasticsearch operations, included in a skill advertised as read-only search and analytics documentation.
PUT my-index ... POST my-index/_doc ... PUT _inference/text_embedding/jina-embeddings-v3
Clearly separate read-only query examples from setup/admin examples, require explicit user approval before any mutating API call, and label required privileges for each non-read-only operation.
A user may grant trust or credentials believing the skill only supports read-only activity, while the documentation can still guide an agent toward cluster-changing operations.
The read-only safety claim is contradicted by included examples such as API key creation, and other reference files include additional write/setup operations.
"No write operations (indexing, updates, deletions) are included or executed by the agent." ... "POST /_security/api_key"
Revise the description and security model to accurately disclose all non-read-only examples, or remove/admin-gate those examples from the read-only skill.
Search results, mappings, and analytics may expose private business data from Elasticsearch indices.
The skill requires an Elasticsearch API key and correctly recommends least-privilege read access, but that credential still grants access to potentially sensitive cluster data.
ELASTICSEARCH_API_KEY: "Base64-encoded API key (required, secret)" ... privileges: ["read", "view_index_metadata"]
Use a dedicated API key scoped to only the needed indices and read/view-metadata privileges; do not provide admin or write-capable credentials unless intentionally performing setup.
Private search queries or document text used for embeddings may leave the Elasticsearch environment and be processed by JINA.
The documentation discloses that semantic search/inference can send query or indexing text to an external provider.
⚠️ Every query and indexing operation calls api.jina.ai
Only use the JINA inference path for data you are allowed to send to that provider, and review provider terms, retention, and access controls.