smart-search Security Report — Trusted | ClawSafe

5 /100

smart-search

Intelligent web search routing across Gemini and Brave APIs with quota management, circuit breaker, and web_fetch fallback

Well-architected search routing skill with robust security controls including SSRF protection, prompt injection defense, proper API key handling, and clear documentation matching implementation.

Skill Namesmart-search

Duration37.1s

Enginepi

✓

Safe to install

This skill is safe to deploy. The only flagged IOC (169.254.0.0) is a legitimate security feature - the isSafeUrl() function correctly blocks APIPA addresses as part of SSRF protection.

Findings 1 items

Severity	Finding	Location
Low	Dependency version not strictly pinned package.json uses caret range ^4.1.2 for proper-lockfile. While not a direct vulnerability, exact pinning prevents supply chain surprises. `"proper-lockfile": "^4.1.2"` → Consider pinning to exact version "4.1.2" for reproducible builds.	`package.json:7`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	index.js:29 - reads openclaw.json and quota JSON
Network	`READ`	`READ`	✓ Aligned	index.js:461-522 - API calls to Gemini/Brave; index.js:537 - web_fetch via tool …
Shell	`NONE`	`NONE`	—	No subprocess/spawn calls found in index.js
Environment	`READ`	`READ`	✓ Aligned	index.js:29,419 - reads SEARCH_QUOTA_PATH and OPENCLAW_CONFIG_PATH
Skill Invoke	`NONE`	`NONE`	—	No skill_invoke capability used
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	Web fetch via harness tool protocol, not direct browser control
Database	`NONE`	`NONE`	—	JSON file used for quota, not a database

1 High 6 findings

📡

High IP Address 硬编码 IP 地址

169.254.0.0

index.js:54

🔗

Medium External URL 外部 URL

https://clawhub.ai

.clawhub/origin.json:3

🔗

Medium External URL 外部 URL

https://api.search.brave.com/res/v1/web/search?q=$

index.js:512

🔗

Medium External URL 外部 URL

https://www.google.com/search?q=$

index.js:560

🔗

Medium External URL 外部 URL

https://www.bing.com/search?q=$

index.js:561

🔗

Medium External URL 外部 URL

https://duckduckgo.com/html/?q=$

index.js:562

File Tree

12 files · 64.9 KB · 1728 lines

JavaScript 1f · 1006L Markdown 6f · 581L Shell 2f · 116L JSON 3f · 25L

├─ ▾ 📁 .clawhub

│ └─ 📋 origin.json JSON 7L · 144 B

├─ ▾ 📁 .learnings

│ ├─ 📝 ERRORS.md Markdown 3L · 75 B

│ ├─ 📝 FEATURE_REQUESTS.md Markdown 3L · 69 B

│ └─ 📝 LEARNINGS.md Markdown 28L · 530 B

├─ ▾ 📁 references

│ ├─ 📝 openclaw-config.md Markdown 54L · 2.1 KB

│ └─ 📝 quota-system.md Markdown 62L · 2.3 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 reset-quota.sh Shell 31L · 997 B

│ └─ 🔧 setup.sh Shell 85L · 3.5 KB

├─ 📋 _meta.json JSON 6L · 120 B

├─ 📜 index.js JavaScript 1006L · 39.4 KB

├─ 📋 package.json JSON 12L · 310 B

└─ 📝 SKILL.md Markdown 431L · 15.4 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`proper-lockfile`	`^4.1.2`	npm	No	Version not strictly pinned; no known vulnerabilities

Security Positives

✓ Comprehensive SSRF protection via isSafeUrl() checking all RFC-1918, loopback, link-local, and ULA ranges

✓ Prompt injection defense via INJECTION_PATTERN regex stripping common jailbreak attempts

✓ API keys held in memory only, never logged or written to disk

✓ Circuit breaker pattern prevents hammering failed APIs

✓ File locking (proper-lockfile) prevents quota file corruption from concurrent writes

✓ Input validation with regex sanitization for agent_id and query parameters

✓ 31-line SKILL.md with detailed documentation matching implementation

✓ No base64-encoded payloads, eval(), or dynamic code generation

✓ No credential harvesting patterns - only reads keys for legitimate API calls

✓ No curl|bash or wget|sh remote execution patterns

✓ Log injection protection via MAX_PROVIDER_LENGTH capping before logging

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives