exa-search

SUSPICIOUS: The skill’s purpose and Exa-owned network endpoints are coherent, but trust in the actual exported `exa-*` commands is incomplete because their install source and implementation provenance are not documented. The biggest concrete issues are undocumented local credential-handling code and an MCP template that places the API key in a URL query string.