Back to skill
Skillv1.0.0
VirusTotal security
Kiro Search Aggregator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:25 AM
- Hash
- ae3d600d221186bde5523d2e30cbbc72994deba316b657cce3733dfc9559344c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: kiro-search-aggregator Version: 1.0.0 The skill is designed to aggregate search results from multiple sources using specified API keys. The `SKILL.md` clearly outlines its purpose and required environment variables. The `search_aggregator.py` script uses standard Python libraries (`urllib.request`, `argparse`, `os.getenv`) to fetch API keys and make requests to legitimate search API endpoints (Serper, SerpAPI, X). User input for the search query is passed as a string parameter to these APIs, without any evidence of local command injection or arbitrary code execution. There are no attempts to exfiltrate sensitive data beyond the stated purpose, establish persistence, or use obfuscation. While an AI agent platform could be vulnerable to prompt injection if it poorly handles user input when executing the example command in `SKILL.md`, the skill itself does not contain malicious instructions or code designed to exploit such vulnerabilities.
- External report
- View on VirusTotal