exa-search
Audited by Socket on Feb 28, 2026
1 alert found:
Obfuscated File

Based only on the provided manifest/README fragment, there is no direct proof of malicious code. However, the installation model (npx install from a GitHub repo), lack of pinned dependencies or lockfile, and absence of explicit endpoint and telemetry details present moderate supply-chain and privacy risks.

Recommended actions before deploying or granting this skill sensitive data:
(1) review the repository source code and any post-install scripts;
(2) inspect package.json, package-lock/yarn.lock, and transitive dependencies for unexpected packages and scripts;
(3) verify the exact endpoints the skill calls and ensure they belong to the expected Exa service;
(4) confirm that API keys are used only for the intended endpoints and are not logged or exfiltrated;
(5) prefer installing from a pinned, versioned release, or vendor the code into a controlled environment;
(6) restrict the skill's runtime permissions and avoid installing it globally into sensitive agent runtimes until the audit is complete.