search1api
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to fetch and process content from arbitrary URLs provided by the user or found during searches.
- Ingestion points: The
crawl.sh,search.sh, andnews.shscripts retrieve content from external websites via theapi.search1api.comservice. - Boundary markers: There are no boundary markers or delimiters implemented within the scripts to distinguish between instructions and data when the fetched content is returned to the agent.
- Capability inventory: The skill uses shell scripts to execute
curl,jq, andpython3commands. - Sanitization: While
jqis used to safely encode outbound data into JSON (preventing shell injection into the API request), there is no sanitization or filtering of the inbound web content (markdown/text) before it is passed back to the agent. - [DATA_EXPOSURE]: The shared helper script
scripts/_common.shaccesses the local file system to read sensitive configuration data. - Evidence: The
_resolve_api_keyfunction reads~/.openclaw/openclaw.jsonusing a Python one-liner to extract theapiKeyfor Search1API. This is a legitimate functional requirement for the 'OpenClaw' platform but involves accessing a file in the user's home directory.
Audit Metadata