grok-search

SUSPICIOUS. The skill’s purpose is coherent, but its actual execution depends on an unidentified Grok Search MCP surface that is not verified as official xAI from the provided evidence. The main risk is trust and credential routing: a plausible third-party MCP implementation can receive XAI_API_KEY and process arbitrary web content, creating medium-high supply-chain and prompt-injection risk even without clear evidence of outright malware.