exa-web-search-free

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill retrieves untrusted data from the web and code repositories, creating an attack surface where malicious content could influence agent behavior.
      • Ingestion points: Tools such as web_search_exa, get_code_context_exa, and crawling_exa pull external data into the agent context.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the examples or tool descriptions.
      • Capability inventory: The skill is primarily a data provider; it does not explicitly include file-write or subprocess execution capabilities, though downstream tools might have them.
      • Sanitization: There is no evidence of content filtering or sanitization of the retrieved web data.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill configures a connection to a remote MCP server and requires an external binary.
      • Evidence: Setup instructions involve mcporter config add exa https://mcp.exa.ai/mcp.
      • Context: While Exa is a known service, the use of remote tool definitions introduces an external dependency that must be trusted.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 10:57 PM