Felo Search
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: felo-search
Version: 1.0.0

The skill is classified as suspicious due to a critical shell injection vulnerability found in `SKILL.md`. The instructions for the AI agent to replace `USER_QUERY_HERE` directly within a heredoc (`cat > /tmp/felo_query.json << 'EOF' ... EOF`) allow an attacker to terminate the heredoc and inject arbitrary shell commands, leading to Remote Code Execution (RCE). While the skill's stated purpose is benign and there is no evidence of intentional malicious behavior by the developer, this severe vulnerability makes it exploitable.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search queries are written to a temporary file and sent through a shell command to Felo.
The skill uses shell commands, curl, and a temporary file to perform the search. This is coherent with its purpose, but users should understand the local command and file flow.
When this skill is triggered, execute the following steps using the Bash tool ... curl -s -X POST https://openapi.felo.ai/v2/chat ... -d @/tmp/felo_query.json
Use it for intended web searches only, avoid placing secrets in search queries, and use safer temporary-file handling if adapting the instructions.
Your Felo API key may authorize API usage on your account, and displaying it can accidentally reveal it.
The skill requires a provider API key, and the README suggests printing it during verification. This credential need is purpose-aligned, but it is not declared in registry metadata and printing secrets can expose them in logs or transcripts.
Set the `FELO_API_KEY` environment variable ... echo $FELO_API_KEY ... You should see your API key.
Use a revocable Felo API key, avoid echoing the full key in shared or logged terminals, and revoke/rotate it if exposed.
Anything included in a search query may be transmitted to Felo's service.
The documented workflow sends the user's query to an external provider API. This is expected for a web-search skill, but it is still a data boundary users should notice.
Extract the user's query and call the Felo API ... https://openapi.felo.ai/v2/chat
Do not include private credentials, confidential files, or sensitive personal data in searches unless you are comfortable sending them to Felo.
It is harder to independently verify who maintains the skill or inspect its release history.
The registry metadata does not provide a source repository or homepage for provenance verification, though no runnable code files are included.
Source: unknown; Homepage: none
Install only if you trust the registry entry and Felo integration; verify the publisher and endpoint before configuring an API key.
