Skills
skills/sundial-org/awesome-openclaw-skills/kagi-search/Gen Agent Trust Hub

kagi-search

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill attempts to access sensitive configuration files in hardcoded absolute paths to retrieve the KAGI_API_KEY. Specifically, it searches for credentials in /home/matt/clawd/.env and /home/matt/.clawdbot/.env. Hardcoding specific user home directories for credential retrieval is a security risk and indicates potential targeting of specific environments.
  • [DATA_EXFILTRATION]: The script reads sensitive local environment files (.env) and uses the content (the API key) to perform external network requests to https://kagi.com/api/v0/search. While the destination matches the stated purpose, the method of obtaining the secret from unauthorized file paths is a high-risk behavior.
  • [COMMAND_EXECUTION]: The documentation in SKILL.md instructs the user to perform chmod +x and move scripts to ~/.local/bin/kagi-search. While these are standard setup steps for a CLI tool, they involve privilege modification on the local filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 01:28 AM