Skill v1.2.1

ClawScan security

Exa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 1:34 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, requirements, and instructions are internally consistent with a web/code search and async research client that uses an EXA_API_KEY to call api.exa.ai; nothing in the package indicates unrelated or hidden exfiltration.
Guidance
This package appears to be a straightforward client for Exa's APIs. Before installing: (1) Only provide an EXA_API_KEY you trust — the scripts send it as x-api-key to api.exa.ai. (2) Do not point SCHEMA_FILE at sensitive local files; the tool will upload the schema JSON to Exa (there is a filename guard for obvious secrets, but it is not foolproof). (3) The scripts use curl/jq to make network requests to api.exa.ai/docs.exa.ai/exa.ai; if you do not want network access, do not install. (4) If you need stricter protection, use a scoped or ephemeral API key and inspect calls in an isolated environment first.

Review Dimensions

Purpose & Capability
ok: Name/description match the files and behavior: scripts implement web/search/content extraction/research flows and call https://api.exa.ai endpoints. Requested binaries (curl, jq) and required env var (EXA_API_KEY) are exactly what is needed for this purpose.
Instruction Scope
note: Runtime instructions and scripts stay within the stated scope (they only read EXA_API_KEY from the environment or .env and call api.exa.ai). The scripts will upload SCHEMA_FILE contents to the research endpoint if provided; the repository includes explicit warnings and a filename-pattern guard that blocks many obvious sensitive paths but does not (and cannot) guarantee safety for arbitrary local files. Users should avoid pointing SCHEMA_FILE at any confidential local data.
Install Mechanism
ok: No install spec; the skill is instruction + shell scripts only. No remote downloads or extracted archives. Low installation risk.
Credentials
ok: Only EXA_API_KEY is required, which is proportional to a hosted API client. The only potentially sensitive transmission is SCHEMA_FILE content (intended behavior) — the code explicitly warns about this and implements filename-based guards and a size limit, but uploading arbitrary local files remains a user-controlled risk.
Persistence & Privilege
ok: always:false and no code to modify agent/system configuration or other skills. The skill does not request persistent system privileges or write to other skills' configs.