Suspicious — Risk Score 55/100
Last scan: 1 day ago
Multi-engine web search (SearXNG default, Tavily, Multi-engine)
The skill contains a hardcoded API credential and makes undisclosed external network requests to Tavily's API, with a doc-to-code mismatch on how credentials are handled.
Skill Name: search
Duration: 40.9s
Engine: pi
Use with caution
Remove hardcoded API keys from source code. Use environment variables only and require users to provide their own API keys. Document all network egress points.

Findings (5 items)

Severity: High
Finding: Hardcoded API Credential in Source Code (Credential Theft)
A Tavily API key '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' is hardcoded in plugin.ts and providers/tavily.ts. The 'tvly-dev-' prefix marks it as a developer/testing key; stored in plaintext, it can be harvested by anyone with access to the source and used at the developer's expense. Because it is the fallback of an `||` expression, every install without its own TAVILY_API_KEY silently uses it.
const apiKey = process.env.TAVILY_API_KEY || "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";
→ Remove hardcoded credentials and revoke the exposed key. Require users to provide their own TAVILY_API_KEY via environment configuration and fail closed when it is absent. Never commit API keys to source code.
Location: plugin.ts:75
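As an added example (not code from the "search" skill), the reported fallback-to-literal pattern is shown beside a hardened key resolver, together with a source-text check that catches a quoted Tavily key before it is committed. The "tvly-" prefix used by the check is an assumption taken from the observed 'tvly-dev-...' literal; the placeholder key and the sample source below are constructed and not real credentials.

```typescript
// Added example, not code from the "search" skill. Env mirrors process.env so the
// resolvers can be exercised without touching the real environment.
type Env = Record<string, string | undefined>;

// Constructed placeholder standing in for the leaked developer key; not a real credential.
const PLACEHOLDER_KEY = "tvly-dev-EXAMPLE-placeholder-not-a-real-key";

// Vulnerable shape reported at plugin.ts:75: whenever the user has not set
// TAVILY_API_KEY, the developer's embedded key is used silently.
function resolveKeyUnsafe(env: Env): string {
  return env.TAVILY_API_KEY || PLACEHOLDER_KEY;
}

// Hardened: the environment is the only source, whitespace-only values count as
// unset, and the caller fails closed with an actionable message.
function resolveKey(env: Env): string {
  const value = (env.TAVILY_API_KEY ?? "").trim();
  if (value === "") {
    throw new Error("TAVILY_API_KEY is not set; configure your own Tavily key in the environment");
  }
  return value;
}

// Pre-commit / CI check: report every quoted tvly-... literal with its line number.
// The prefix is an assumption based on the observed "tvly-dev-..." key.
const KEY_LITERAL = /["'`](tvly-[A-Za-z0-9_-]{8,})["'`]/g;

function findHardcodedKeys(source: string): Array<{ line: number; key: string }> {
  const hits: Array<{ line: number; key: string }> = [];
  source.split("\n").forEach((text, index) => {
    const re = new RegExp(KEY_LITERAL.source, "g"); // fresh regex: no shared lastIndex state
    let match: RegExpExecArray | null;
    while ((match = re.exec(text)) !== null) {
      hits.push({ line: index + 1, key: match[1] });
    }
  });
  return hits;
}

// Constructed sample mirroring the reported pattern; line 2 should be flagged, line 3 not.
const SAMPLE_SOURCE = [
  'import { TavilyProvider } from "./providers/tavily";',
  `const apiKey = process.env.TAVILY_API_KEY || "${PLACEHOLDER_KEY}";`,
  "const apiKey = process.env.TAVILY_API_KEY;",
].join("\n");
```

Running findHardcodedKeys over the skill's TypeScript files in CI, and treating any hit as a failed build, is what keeps a finding like this from reaching a published version; resolveKey is the drop-in replacement for the expression at plugin.ts:75.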
Severity: High
Finding: Undisclosed External API Calls (Data Exfil)
User search queries are sent to api.tavily.com without clear disclosure in SKILL.md, so users' search behaviour is transmitted to a third party (Tavily) that can retain it.
const response = await fetch('https://api.tavily.com/search', {...})
→ Document all external API endpoints and data flows. Obtain explicit user consent before transmitting data to third-party services.
Location: providers/tavily.ts:20
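One way to make the egress documentation enforceable rather than aspirational is to route every outbound call through a wrapper that refuses destinations the skill has not declared and records the ones it did contact. The block below is an added example, not the skill's own code: the declared set (Tavily plus a local SearXNG on 127.0.0.1, the endpoints at providers/tavily.ts:12 and plugin.ts:74) is an assumption for the example, the query strings are constructed, and the transport is a stub so it runs offline. Under that assumption the Baidu, Bing and Google fallback URLs from plugin.ts:147-149 are refused until they are declared, which is the point of the check.

```typescript
// Added example, not code from the "search" skill.
type Transport = (url: string, init?: Record<string, unknown>) => Promise<{ status: number }>;

interface EgressEvent {
  host: string;
  path: string;
  allowed: boolean;
}

// Assumed declared egress for this example: the Tavily API and a local SearXNG.
const DECLARED_EGRESS: ReadonlySet<string> = new Set(["api.tavily.com", "127.0.0.1"]);

class EgressGuard {
  readonly log: EgressEvent[] = [];

  constructor(
    private readonly allowed: ReadonlySet<string>,
    private readonly transport: Transport,
  ) {}

  // Synchronous decision, recorded for every attempt whether or not it is allowed.
  check(url: string): EgressEvent {
    const { hostname, pathname } = new URL(url);
    const event: EgressEvent = { host: hostname, path: pathname, allowed: this.allowed.has(hostname) };
    this.log.push(event);
    return event;
  }

  // Drop-in for fetch(): undeclared destinations fail closed before any bytes leave.
  async fetch(url: string, init?: Record<string, unknown>): Promise<{ status: number }> {
    const event = this.check(url);
    if (!event.allowed) {
      throw new Error(`undeclared egress to ${event.host} blocked; declare it or remove the call`);
    }
    return this.transport(url, init);
  }

  // Distinct hosts actually contacted: the list that belongs in SKILL.md.
  contactedHosts(): string[] {
    const hosts = new Set(this.log.filter(e => e.allowed).map(e => e.host));
    return Array.from(hosts).sort();
  }
}

// Constructed stub transport: never touches the network.
const stubTransport: Transport = async () => ({ status: 200 });

// Runs the guard over the five URL shapes from the scan's External URL list
// (query values constructed; the scan shows "$" placeholders).
function auditEgress(): { contacted: string[]; blocked: string[] } {
  const guard = new EgressGuard(DECLARED_EGRESS, stubTransport);
  const attempts = [
    "http://127.0.0.1:8080/search?q=openclaw",  // plugin.ts:74
    "https://api.tavily.com/search",            // providers/tavily.ts:12
    "https://www.baidu.com/s?wd=openclaw",      // plugin.ts:147
    "https://cn.bing.com/search?q=openclaw",    // plugin.ts:148
    "https://www.google.com/search?q=openclaw", // plugin.ts:149
  ];
  const blocked = attempts.filter(u => !guard.check(u).allowed).map(u => new URL(u).hostname);
  return { contacted: guard.contactedHosts(), blocked };
}
```

Matching on hostname only is deliberate: a manifest that lists hosts is easy to review, and the path and query (which carry the user's search terms) are what the log captures for the data-flow description SKILL.md should contain.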
Severity: Medium
Finding: Hardcoded Key Misrepresented as Feature (Doc Mismatch)
SKILL.md presents the Tavily integration as a 'Free (dev)' feature without disclosing that it relies on a hardcoded development API key rather than user-provided credentials.
tavily | ⚡ Fast | ⭐⭐⭐⭐⭐ | Free (dev) | AI-optimized, includes snippets
→ Clearly document credential requirements and explain how API keys should be configured.
Location: SKILL.md:1
Severity: Low
Finding: Hardcoded Windows Path Exposes Environment (Supply Chain)
The absolute Windows path 'D:\winopenclaw\workspace\skills\_legacy\tavily\search_tavily_news.py' ties the skill to one developer's machine layout and points at a script that is not among the eight scanned files, so the invoked code cannot be reviewed here and the call will fail on any other host.
"D:\\winopenclaw\\workspace\\skills\\_legacy\\tavily\\search_tavily_news.py"
→ Use relative or configuration-driven paths, and ship any script the skill invokes as part of the skill. Avoid exposing internal development environment structure.
Location: plugin.ts:85
Severity: Low
Finding: Undeclared Shell Execution Capability (Priv Escalation)
The code uses api.exec() to run a Python script, implying a shell:WRITE capability that is not declared in SKILL.md.
const result = await api.exec({ command: "python", args: [...] })
→ Document shell execution as a required capability if it is intentional, or refactor to use safer alternatives.
Location: plugin.ts:84
Resource | Declared | Inferred | Status | Evidence
Network | READ | WRITE | ✓ Aligned | plugin.ts:75, providers/tavily.ts:15 - sends data to api.tavily.com
Shell | NONE | WRITE | ✓ Aligned | plugin.ts:84-86 uses api.exec() for Python script execution
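The table marks both rows Aligned even though the Shell row shows NONE declared against WRITE inferred, which is exactly what finding 5 reports as undeclared. As an added example (not the skill's or the scanner's code), the block below implements the declared-versus-inferred comparison so that an inferred level above the declared one is reported as a mismatch; the level and status names and the manifest shape are assumptions, while the two rows are the table's own values.

```typescript
// Added example, not code from the "search" skill or the scanner.
type CapLevel = "NONE" | "READ" | "WRITE";
type AlignmentStatus = "Aligned" | "Undeclared" | "Escalated" | "Over-declared";

// Ordering of capability levels; a higher inferred rank means the code does more
// than the manifest admits.
const RANK: Record<CapLevel, number> = { NONE: 0, READ: 1, WRITE: 2 };

interface CapabilityRow {
  resource: string;
  declared: CapLevel;
  inferred: CapLevel;
  evidence: string;
}

interface CapabilityResult extends CapabilityRow {
  status: AlignmentStatus;
}

function classify(declared: CapLevel, inferred: CapLevel): AlignmentStatus {
  if (declared === inferred) return "Aligned";
  if (declared === "NONE") return "Undeclared"; // code touches a resource the manifest never mentions
  return RANK[inferred] > RANK[declared]
    ? "Escalated"      // manifest under-states what the code does
    : "Over-declared"; // manifest asks for more than the code uses
}

function checkCapabilities(rows: CapabilityRow[]): CapabilityResult[] {
  return rows.map(row => ({ ...row, status: classify(row.declared, row.inferred) }));
}

// Rows that should block publication until the manifest or the code is changed.
function mismatches(results: CapabilityResult[]): string[] {
  return results
    .filter(r => r.status !== "Aligned")
    .map(r => `${r.resource}: declared ${r.declared}, inferred ${r.inferred} (${r.status})`);
}

// The two rows from the scan's resource table.
const SCAN_ROWS: CapabilityRow[] = [
  {
    resource: "Network", declared: "READ", inferred: "WRITE",
    evidence: "plugin.ts:75, providers/tavily.ts:15 - sends data to api.tavily.com",
  },
  {
    resource: "Shell", declared: "NONE", inferred: "WRITE",
    evidence: "plugin.ts:84-86 uses api.exec() for Python script execution",
  },
];
```

Over-declared rows are reported too: a manifest that asks for WRITE while the code only reads grants the skill more than it needs and is the least-privilege failure in the other direction.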
External URLs (5 findings)
Severity | Type | URL | Location
Medium | External URL | http://127.0.0.1:8080 | plugin.ts:74
Medium | External URL | https://www.baidu.com/s?wd=$ | plugin.ts:147
Medium | External URL | https://cn.bing.com/search?q=$ | plugin.ts:148
Medium | External URL | https://www.google.com/search?q=$ | plugin.ts:149
Medium | External URL | https://api.tavily.com/search | providers/tavily.ts:12

File Tree

8 files · 14.8 KB · 465 lines
TypeScript: 5 files, 389 lines · YAML: 1 file, 46 lines · Markdown: 1 file, 25 lines · JSON: 1 file, 5 lines
├─ 📁 providers
│ ├─ 📜 multi.ts TypeScript 39L · 1.3 KB
│ ├─ 📜 searxng.ts TypeScript 38L · 1.1 KB
│ └─ 📜 tavily.ts TypeScript 46L · 1.3 KB
├─ 📋 _meta.json JSON 5L · 125 B
├─ 📜 cache.ts TypeScript 65L · 1.4 KB
├─ 📜 plugin.ts TypeScript 201L · 7.2 KB
├─ 📝 SKILL.md Markdown 25L · 983 B
└─ 📋 skill.yaml YAML 46L · 1.5 KB

Dependencies (2 items)

Package | Version | Source | Known Vulns | Notes
fetch | built-in | Node.js | No | Native fetch used for HTTP requests
crypto | built-in | Node.js | No | Used for MD5 cache key hashing

Security Positives

✓ Rate limiting implemented (20 calls/min) to prevent abuse
✓ In-memory caching reduces redundant API calls
✓ Local SearXNG option respects privacy by keeping searches local
✓ Graceful fallback between search engines
✓ No credential exfiltration or C2 communication detected