x-search by jaaneek — CAUTION (5/10)
SecureSkill scanned x-search by jaaneek on 2026-05-03 using scanner version 0.1.0. Verdict: CAUTION. Risk score: 5/10. 1 finding across 10 analysis layers. Platform: OpenClaw.
About this scan
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 77440dc4-0a4e-4a51-887c-a395098bd70d.
Risk Score5
Publisherjaaneek
TypeOpenClaw SKILL
Transparencyhigh
This skill looks like a straightforward integration with xAI's X search capability. It asks you to provide an API key, sends your search query to xAI over HTTPS, and prints back formatted results with citations. I did not find hidden hooks, persistence tricks, or credential theft behavior. The only real risk is the normal one for API-backed tools: your query and API credential are used in an outbound request to a third-party service.
Package Info
SHA-256823e46ca2255…
Size24.2 KB
What does this skill actually do?
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
XAI_API_KEY from the process environmentCommand-line arguments supplied by the user
Runs
scripts/search.py when manually invoked by the user with python3
Talks to
Permissions Requested
Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools
Network Calls
https://api.x.ai/v1/responseshttps://docs.x.ai/developers/tools/x-searchhttps://console.x.ai