Exa tools
Analysis
This instruction-only skill is coherently focused on Exa web and people research, with minor user-notice items around the Exa API key and hosted MCP queries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Source: unknown; Homepage: none
The registry metadata does not provide a source repository or homepage for provenance review. The skill is instruction-only, so this is a low-impact provenance note rather than a behavioral concern.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
https://mcp.exa.ai/mcp?exaApiKey=${EXA_API_KEY}&tools=web_search_exa,web_search_advanced_exa,people_search_exaThe skill documents use of an Exa API key in the hosted MCP endpoint. This is expected for Exa access, but it is still a credential that should be protected.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Prefer the hosted Exa MCP endpoint with fixed tools in the URL query.
The skill routes research through a hosted Exa MCP service. This is aligned with its purpose, but it means search prompts and people-research queries are sent to an external provider.