openclaw-search

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill relies on an external, unauditable API (https://api.aisa.one) for its core functionality. While the API key is handled securely (via environment variable and Authorization header), the skill sends user queries and the API key to this third-party service. This introduces a dependency on an external entity whose behavior cannot be verified through code analysis. Additionally, as the skill processes external search results, it is inherently susceptible to indirect prompt injection.

Total Findings: 3

🟡 MEDIUM Findings:

• Unverifiable External API Dependency
  • Line 20 (scripts/search_client.py): The skill's core functionality is entirely dependent on the external API https://api.aisa.one. The behavior and security of this third-party service cannot be audited, posing a risk as all user queries and the AISA_API_KEY are sent to it.

🔵 LOW Findings:

• Data Transmission to External Service
  • Line 20 (scripts/search_client.py): The skill transmits user queries and the AISA_API_KEY to https://api.aisa.one. While this is the intended functionality and the API key is sent via a standard Authorization header, aisa.one is not a whitelisted trusted domain. This is noted as a low risk because the data sent is functional (the query and the key needed to serve it), not arbitrary sensitive local files.

ℹ️ INFO Findings:

• Indirect Prompt Injection Susceptibility
  • Line 1 (scripts/search_client.py): The skill processes external search results from api.aisa.one. Any skill that processes external content is susceptible to indirect prompt injection, where malicious instructions embedded in the search results could attempt to manipulate the AI's behavior.

================================================================================

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 13, 2026, 02:29 AM