Is super-websearch-realtime safe?

https://clawhub.ai/ytthuan/super-websearch-realtime

Score: 90 · SAFE

This is a minimal, declarative web search skill that poses very low risk. It contains no executable code, no data exfiltration vectors, and no sophisticated prompt injection techniques. The only notable observations are standard persona-setting behavior and the openclaw runtime's access to sensitive config files during installation, which is framework behavior rather than skill behavior.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

LOW Persona override via system prompt -5

The skill sets 'You are a real-time search assistant' as a system prompt, which overrides the agent's default persona. This is standard skill behavior, but it is worth noting because it shapes agent behavior.

LOW Behavioral directive to always use tool first -7

The instruction 'Always attempt to use the web_search_preview tool first' creates a mild behavioral bias toward web searches even when cached knowledge might suffice. This is within reasonable scope for a search skill.

INFO Runtime reads sensitive config paths -15

The openclaw agent runtime (not the skill itself) reads .env, .aws/credentials, and various config files during skill installation. This is expected framework behavior, but the .aws/credentials access is noteworthy from a defense-in-depth perspective.

INFO No exfiltration vectors found -5

The skill contains no mechanisms for data exfiltration. It is purely declarative markdown with a single tool declaration (web_search_preview).

INFO Search query steering potential -15

The {{topic}} template variable could theoretically be used to steer search queries if a malicious actor controlled the input, but this is an inherent property of all search tools rather than a skill-specific flaw.