byted-web-search

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/web_search.py attempts to read from a sensitive file path at /root/.openclaw/.env. This file is accessed to load environment variables and API credentials. While this appears to be a mechanism for credential management in specific environments, accessing files within the root user's home directory (/root) is a high-sensitivity operation that could be exploited to expose system configuration or secrets.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to mercury.volcengineapi.com and open.feedcoopapi.com. These endpoints are used to communicate with the Volcengine fusion search services. These domains are official infrastructure belonging to the service provider associated with the skill author.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and processes untrusted data from the open web.
      • Ingestion points: External search results (snippets, titles, and summaries) are retrieved via scripts/web_search.py and passed directly to the agent context.
      • Boundary markers: The instructions do not define clear delimiters or "ignore instructions" guards for the agent when processing the retrieved web content.
      • Capability inventory: The skill possesses network access capabilities and the ability to read local filesystem configuration.
      • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the retrieved web content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 03:01 PM