skills/openclaw/skills/websearchapi/Gen Agent Trust Hub

websearchapi

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The configuration file tools/websearchapi/config.json contains a hardcoded API key (rEux5Wb3fyHM47TKyCpNdHGf). Storing secrets in plain text within configuration files or source code is a significant security risk as it can lead to unauthorized access and abuse of the associated service account.
  • [EXTERNAL_DOWNLOADS]: The utility makes outbound network requests to https://www.searchapi.io/api/v1/search. This is a well-known service used for programmatic search access. The communication is performed using Node.js's built-in https module.
  • [COMMAND_EXECUTION]: The skill is designed to be executed as a CLI tool (websearchapi.js). While it correctly uses querystring.stringify to escape search parameters sent to the API, users should be aware that the tool itself is intended to be called via system command execution (e.g., exec or spawn), which requires careful handling of shell arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 26, 2026, 04:15 PM