search-layer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with multiple well-known search and data providers, including Exa, Tavily, and the Grok API (xAI), to aggregate results. It also performs direct fetches of web content from domains such as github.com, reddit.com, news.ycombinator.com, and v2ex.com to extract discussion threads and references.- [DATA_EXFILTRATION]: To authenticate API requests, the skill reads local configuration and credential files, specifically
~/.git-credentialsfor GitHub access and~/.openclaw/credentials/search.jsonfor search provider keys. These credentials are used solely to facilitate authorized communication with the intended service endpoints.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted external content (web page text, GitHub comments) and interpolates it into LLM prompts withinchain_tracker.pyandrelevance_gate.py. Ingestion points: Content is fetched viafetch_thread.pyand processed inchain_tracker.py. Boundary markers: Minimal isolation is used, such as basic quotes during interpolation inrelevance_gate.py. Capability inventory: The skill performs network operations and reads local configuration files. Sanitization: No explicit sanitization or escaping of ingested text is performed before it is sent to the LLM.- [COMMAND_EXECUTION]: Thesearch.pyscript utilizesimportlibto dynamically load thefetch_thread.pymodule from a path relative to its own location within the skill directory for modular execution.
Audit Metadata