ClawHub

Exa Web Search Nodeskai

v1.0.0

NodeSkai's optimized Free AI search via Exa MCP. Enhanced web search for news/info, code search for docs/examples from GitHub/StackOverflow, and deep company...

0· 251·0 current·0 all-time
by@yumoezhung
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the runtime instructions: all SKILL.md examples call mcporter to invoke exa.* endpoints. Declaring mcporter as a required binary is appropriate for a mcporter-based search integration. Provided GitHub/npm/docs links align with the described Exa MCP service.
Instruction Scope
Instructions are narrowly scoped to running mcporter commands and adding an MCP config URL. They do not instruct reading local files, environment variables, or unrelated system state. However, the skill tells the agent to configure mcporter to use https://mcp.exa.ai/mcp (and a variants URL with tool flags) — this will send user queries and any passed content to that external endpoint. Advanced tools (crawling, deep_researcher, people_search) can cause broader external crawling/collection if used.
Install Mechanism
There is no install spec and no code files (instruction-only), so nothing will be written to disk by the skill itself. The only runtime dependency is the mcporter binary which is declared. This is the lowest-risk install posture for a skill, but mcporter itself is the trust boundary.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional to a read-only web/search integration. Note: user queries (which may include secrets) will be transmitted to the external MCP endpoint if used.
Persistence & Privilege
always is false and the skill does not request elevated persistence or to modify other skills. The skill can be invoked autonomously by the agent (platform default) — combined with external network calls this increases exposure only if the agent invokes it without user oversight.
Assessment
This skill is coherent: it simply documents mcporter commands that point at an Exa MCP endpoint. Before installing, verify the mcporter binary is legitimate and under your control, and confirm the Exa endpoints (https://mcp.exa.ai and the referenced GitHub/npm projects) are trustworthy. Treat any query you send as visible to that external service—do not include secrets, private URLs, or confidential data. If you need stronger guarantees, prefer a skill with a published homepage or an official source, or run mcporter calls in an isolated environment or behind egress controls. If you plan to let the agent call skills autonomously, consider restricting autonomous use or auditing calls to avoid accidental disclosure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dn0ehw0sfx9xbffmkgwgyrh82bprm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binsmcporter

Comments