search-x
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The script
scripts/search.jsaccesses the sensitive configuration file~/.clawdbot/clawdbot.json. This file likely contains multiple credentials for the agent environment. Accessing shared credential stores increases the risk of unintended data exposure. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted external data. Evidence: 1. Ingestion points: Untrusted tweet content is fetched from the xAI API in
scripts/search.js. 2. Boundary markers: None. The tweet content is printed directly to stdout for the agent to consume without delimiters. 3. Capability inventory:scripts/search.jshas network access (https) and file system read access (fs). 4. Sanitization: None. The content is used exactly as returned by the API. - [COMMAND_EXECUTION] (LOW): The skill is designed to be executed via
nodecommands, as defined inSKILL.mdandpackage.json.
Recommendations
- AI detected serious security threats
Audit Metadata