Back to skill
Skillv1.2.1
VirusTotal security
Exa · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:56 AM
- Hash
- 16361019cc83952c24de2e68e48ea85912a67d4d48ed44ab0301d150c870aa89
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: exa-full Version: 1.2.1 The skill bundle is benign. It demonstrates strong security awareness, particularly in handling the `SCHEMA_FILE` for research tasks. The `research_create.sh` script includes explicit warnings against using sensitive files and implements robust checks to prevent uploading files with sensitive names (e.g., `.env`, `.key`, `id_rsa`), validates file existence and size, and uses `jq -c '.'` for safe JSON parsing. The `scripts/env.sh` file securely loads `EXA_API_KEY` from `.env` without `source`ing the file, and all network calls are exclusively directed to `https://api.exa.ai`. User inputs are safely incorporated into JSON payloads using `jq -n --arg`, preventing shell injection. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection with harmful intent.
- External report
- View on VirusTotal