exa-plus
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash scripts that utilize `curl` for network requests and `jq` for JSON processing. These operations are restricted to the primary function of the skill (interfacing with the Exa API).
- [DATA_EXFILTRATION]: Scripts access the configuration file `~/.clawdbot/credentials/exa/config.json` to retrieve the user-provided API key. This key is transmitted exclusively to the official Exa API endpoint (api.exa.ai) for authentication purposes. This is standard behavior for an API-dependent tool.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill documentation instructs users to manage secrets using a local configuration file, which is a recognized safe practice for secret management.
- [SAFE]: Analysis of all scripts and metadata confirms the skill is focused on its stated purpose of neural web search. Parameter handling in shell scripts uses proper escaping with `jq --arg`, and there are no instances of remote code execution or obfuscation.
Audit Metadata