bocha-skill

Audited by ClawScan on May 10, 2026.

Overview

The search skill mostly matches its stated purpose, but its publishing documentation includes what appears to be a real Bocha API key.

Review the package before installing because it contains an apparent API key in PUBLISH.md. Use only your own BOCHA_API_KEY, avoid sensitive search queries, and do not run the publishing script unless you specifically need to publish the skill.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the key is real, it could be abused by anyone with the package, potentially causing account misuse, quota loss, or billing impact for the key owner.

Why it was flagged

This is a specific value that looks like an API key, embedded in the distributed documentation rather than a placeholder. It creates a potential exposed credential and invites unintended shared-account use.

Skill content

export BOCHA_API_KEY="sk-a2f0234180684fe0adcf6302c6027040"

Recommendation

Remove the key from the package, revoke or rotate it if it was real, and replace it with a clear placeholder such as "your-api-key-here".

What this means

Search terms and the API key are visible to the Bocha service during normal use.

Why it was flagged

The skill sends the user's search query and Bocha API key to the Bocha API, which is expected for this search-provider integration.

Skill content

const BOCHA_API_ENDPOINT = 'https://api.bocha.cn/v1/web-search'; ... 'Authorization': `Bearer ${apiKey}` ... body: requestBody

Recommendation

Use your own Bocha API key and avoid sending highly sensitive private information as search queries unless you trust the provider.

What this means

This does not affect normal search use, but running the publishing helper installs an npm package globally, giving that unpinned code CLI-level access on the user's machine.

Why it was flagged

The optional publishing script installs the clawdhub CLI globally from npm without a pinned version if the user runs the script.

Skill content

if ! command -v clawdhub &> /dev/null; then ... npm install -g clawdhub

Recommendation

Only run publish.sh if you intend to publish the skill; otherwise ignore it. If used, install a trusted/pinned clawdhub CLI version manually.