Trust Assessment
grok-search received a trust score of 42/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Sensitive path access: AI agent config" and "Arbitrary File Read and Exfiltration via Image Upload".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary File Read and Exfiltration via Image Upload. The `chat.mjs` script allows users to specify an arbitrary file path via the `--image` flag. The `toDataUrl` function reads the content of this file using `fs.readFileSync` and base64 encodes it. This base64 encoded content is then sent to the xAI API as part of the `input_image` content. An attacker can exploit this to read and exfiltrate sensitive files from the system (e.g., `/etc/passwd`, `~/.clawdbot/clawdbot.json`, `~/.ssh/id_rsa`) by providing their paths as image arguments. The content of these files would be sent to the xAI API, leading to data exfiltration. Implement strict validation and sandboxing for file paths provided via the `--image` flag. Instead of allowing arbitrary paths, restrict image inputs to a predefined, secure directory or temporary files generated by the skill. Ensure that the skill cannot read files outside of its intended scope. If possible, use a file upload mechanism that does not expose file contents directly in the API request body or restrict file types and sizes rigorously. | LLM | scripts/chat.mjs:43 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/notabhay/grok-search/SKILL.md:8 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/notabhay/grok-search/SKILL.md:9 |