xai
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill incorporates a search tool (`scripts/search-x.js`) that retrieves and displays content from X (Twitter). This creates a surface for indirect prompt injection where malicious instructions embedded in tweets could attempt to influence the agent's behavior.
  - Ingestion points: Untrusted data enters the agent context via the search results returned by the xAI Responses API in `scripts/search-x.js`.
  - Boundary markers: The script does not utilize specific delimiters or provide warnings to the LLM when displaying external content.
  - Capability inventory: The skill is capable of performing network requests to `api.x.ai` using the `https` module.
  - Sanitization: Content retrieved from the API is logged directly to the console without filtering or sanitization.
- [DATA_EXPOSURE]: The scripts (`chat.js`, `models.js`, `search-x.js`) read the agent's local configuration file at `~/.clawdbot/clawdbot.json` to retrieve the `xai` API key. This is a standard configuration mechanism for skills designed for the OpenClaw/Clawdbot framework and does not represent unauthorized data access.
Audit Metadata