serpapi-2

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays untrusted data from the web via search results.
      • Ingestion points: Search data is fetched in scripts/search.sh from the SerpAPI endpoint and passed to scripts/format.py for rendering.
      • Boundary markers: No delimiters or clear instructional boundaries are used to isolate search results from the agent's internal prompt context.
      • Capability inventory: The skill uses curl for network requests and python3 for result formatting. It can access local files for configuration and temporary storage.
      • Sanitization: The script does not perform sanitization or filtering on search snippets or titles, meaning malicious instructions embedded in search results could potentially influence the agent's behavior.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to serpapi.com to fetch search results. SerpAPI is a well-known third-party service provider for search engine data.
  • [CREDENTIALS_UNSAFE]: The skill accesses local configuration files at ~/.config/serpapi/api_key and .env to retrieve user-provided API keys. This is a standard and recommended practice for local credential management and does not constitute a security violation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 03:46 AM