Exa tools
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on Exa web and people research, with minor user-notice items around the Exa API key and hosted MCP queries.
This skill appears safe to use for Exa-based research if you are comfortable sending the relevant search queries to Exa. Protect the EXA_API_KEY, do not share generated configuration containing a real key, and verify the hosted endpoint against Exa's official documentation before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is exposed, someone else may be able to use the user's Exa account or quota.
The skill documents use of an Exa API key in the hosted MCP endpoint. This is expected for Exa access, but it is still a credential that should be protected.
https://mcp.exa.ai/mcp?exaApiKey=${EXA_API_KEY}&tools=web_search_exa,web_search_advanced_exa,people_search_exaStore the Exa API key in a secure environment variable or secret store, avoid pasting it into chats or shared logs, and rotate it if it is accidentally exposed.
Research topics, names, organizations, or other query details may be visible to the Exa service.
The skill routes research through a hosted Exa MCP service. This is aligned with its purpose, but it means search prompts and people-research queries are sent to an external provider.
Prefer the hosted Exa MCP endpoint with fixed tools in the URL query.
Avoid sending confidential or highly sensitive research queries unless Exa's data handling terms are acceptable for the task.
Users have less publisher or source context to verify that the configuration matches the intended Exa MCP setup.
The registry metadata does not provide a source repository or homepage for provenance review. The skill is instruction-only, so this is a low-impact provenance note rather than a behavioral concern.
Source: unknown; Homepage: none
Before adding credentials, compare the endpoint and tool names against Exa's official documentation.