search-layer
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs dynamic module loading in
scripts/search.pyto import sibling scripts using computed file paths at runtime. - [CREDENTIALS_UNSAFE]: The skill reads sensitive information from local files such as
~/.git-credentialsand~/.openclaw/credentials/search.jsonto obtain authentication tokens for GitHub and various search APIs. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from numerous external services, including the Tavily, Exa, and Grok APIs, as well as platforms like GitHub, Reddit, and Hacker News. These are well-known services and the downloads are essential for the skill's functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the web and includes it in prompts sent to an LLM for relevance evaluation.
- Ingestion points:
scripts/fetch_thread.pyandscripts/search.pyfetch data from arbitrary external URLs. - Boundary markers: Instructions to ignore embedded commands are present in some components but absent in the
relevance_gate.pylogic. - Capability inventory: The skill has full network access via Python's
requestsandurllibmodules. - Sanitization: The skill performs basic HTML tag removal but does not sanitize content against adversarial prompt instructions.
Audit Metadata