suspicious.dangerous_exec
- Location: scripts/search.mjs:18
- Finding: Shell command execution detected (child_process).
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide a Bocha API key, and requests will be billed or authorized under that Bocha account according to Bocha's rules.
The script retrieves a Bocha API key from the environment or config file and uses it for authenticated API requests. This is purpose-aligned, but it is still account credential use.
if (process.env.BOCHA_API_KEY?.trim()) return process.env.BOCHA_API_KEY.trim(); ... Authorization: `Bearer ${apiKey}`
Use a dedicated Bocha key with the minimum needed permissions, store it securely, and rotate it if it may have been exposed.
Search queries and any documents supplied through --raw-json may be processed by the Bocha service.
The script sends the constructed query or raw JSON payload to Bocha API endpoints. This is expected for a search/rerank connector, but it means user-provided content leaves the local environment.
case 'rerank': return 'https://api.bochaai.com/v1/semantic-reranker'; ... body: JSON.stringify(payload)
Avoid sending secrets, private documents, regulated data, or sensitive business information unless you are comfortable sharing it with Bocha under its terms.
Running the shortcut search script executes included Node.js code locally.
The helper starts the included bocha.mjs script with a fixed argument array. This is a local wrapper for the documented search function rather than arbitrary shell execution.
const ret = spawnSync(process.execPath, [bochaPath, 'web', '--query', query, '--count', String(count), '--pretty'], {
Review the included scripts before use if you do not trust the publisher; no hidden or unrelated command execution is shown in the provided files.