ClawAudit verdict

smart-search

openclaw-smart-search

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Writes files AND executes processes

A unified search aggregator that installs npm deps, configures API keys for named search providers (Tavily, Serper, Exa, etc.), and runs queries; keys are stored locally in an encrypted file and used only to call their respective legitimate APIs.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
80
transparency
80
maintenance

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination critical

Writes files AND executes processes — may drop and execute malicious scripts

LLM05 · LLM06 · ASI05

Capability combination high

Installs packages AND executes processes — opaque dependency chain with execution

LLM03 · ASI04

Permission integrity

Installs packages at runtime — transitive dependencies are not auditable

package_install

Findings (9)

Pattern match critical

Possible hardcoded credential

CONFIG_AND_TEST.md · code · API_KEY="sk-xxxxxxxxxxxxxxxxxxxxxxxx

Pattern match high

Accesses shell history/config

SKILL.md · code · ~/.zshrc

Pattern match high

Uses exec() — may execute shell commands

SKILL.md · code · exec(

Pattern match high

Uses spawn() — can execute external programs

SKILL.md · code · spawn(

Pattern match medium

References child_process — can spawn system processes

SKILL.md · prose · downgraded · child_process

Pattern match medium

Dynamic import() — loads module at runtime

jest.config.js · prose · downgraded · import('

Pattern match low

Accesses sensitive environment variables

dist/scripts/setup-bailian.js · prose · downgraded · process.env.OPENCLAW_MASTER_KEY

Pattern match low

Node http/https module — low-level network access

dist/src/engines/exa.js · prose · downgraded · require("https")

Pattern match low

Popular HTTP library — network access

package.json · prose · downgraded · node-fetch

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B/D/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

package_installdata_encodingfile_writeprocess_exec
Check another skill Browse the registry Auditing your own skills or configs? Use the API