search-layer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
search.py) to orchestrate API calls and process results. This is an intended and necessary function for managing multi-source data retrieval.\n- [EXTERNAL_DOWNLOADS]: The script communicates with well-known search and AI service providers (Exa, Tavily, and Grok/xAI). These are established services appropriate for the skill's search and research functionality.\n- [PROMPT_INJECTION]: The skill implements proactive defensive measures. Inscripts/search.py, user queries sent to external models are wrapped in XML-style tags, and the system prompt explicitly instructs the model to treat the content as untrusted input and ignore any instructions within it.\n- [DATA_EXPOSURE]: The script reads API keys from a specific configuration file (~/.openclaw/credentials/search.json) and environment variables. This is a standard and safe method for managing authenticated access to necessary external services.
Audit Metadata