Exa Search
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Exa web-search helper that uses your EXA_API_KEY and sends selected search queries to Exa, with no hidden or unrelated behavior found.
This skill appears safe for its stated purpose. Before installing, make sure you are comfortable providing an Exa API key and sending your search queries to Exa; also be aware that using options like --text may increase provider-side cost or quota usage.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide an Exa API key, and searches may consume that account's quota or billing.
The script uses the user's Exa API key as delegated authority for Exa API calls. This is expected for the stated purpose and is not shown being logged, hardcoded, or sent elsewhere.
const apiKey = process.env.EXA_API_KEY; ... "x-api-key": apiKey
Store the key securely, use an appropriately scoped Exa key if available, and revoke or rotate it if you stop using the skill.
Search terms, and optionally requested page text/highlight options, are processed by Exa.
The script sends the search query and options to Exa's API. The destination is disclosed and purpose-aligned, but user queries leave the local environment.
await fetch("https://api.exa.ai/search", { method: "POST", ... body: JSON.stringify(body) })Avoid sending sensitive private information in search queries unless you are comfortable with Exa processing it.