Skill v2.0.1

ClawScan security

multi-search-engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 7:22 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally coherent: it only composes deterministic search URLs from local templates (no network calls or secrets) and the required files and python3 are proportionate to its stated purpose; a few minor metadata/config inconsistencies are noted but not suspicious.
Guidance
This skill appears safe and does what it says: it generates search URLs locally and won't call out to the network or request secrets. Before installing, you may want to: (1) open resources/engine-catalog.json and confirm the listed engine endpoints/domains match your expectations (some entries use region-specific domains, e.g., bing-int points to a cn.bing.com host), (2) note the small metadata/config inconsistencies (declared config.json requirement not used by the script and version numbers differ) — harmless but worth correcting, (3) run the included smoke tests locally (python3 scripts/build_search_urls.py ...) to confirm behavior, and (4) remember that opening any generated URL will contact third-party search engines and may expose query content to those services, so avoid generating URLs containing sensitive secrets.

Review Dimensions

Purpose & Capability
note · Name/description (multi-search URL builder and comparator) match the code and resources: the CLI script + engine catalog are appropriate. Minor mismatch: SKILL.md frontmatter lists config.json as a required config but the main script reads only resources/engine-catalog.json (it does not read config.json). Also some metadata files show different version strings (registry lists v2.0.1 while SKILL.md/metadata.json indicate v2.1.0). These are housekeeping inconsistencies, not functional red flags.
Instruction Scope
ok · SKILL.md instructs the agent to build and inspect search URLs and to only open pages explicitly. The script composes queries, encodes parameters, reads the local catalog, and prints URLs; it does not perform network access, execute shell commands, read other system files, or exfiltrate data.
Install Mechanism
ok · No install spec; the skill is instruction-only with a single Python script. The only runtime dependency is python3 and there are no downloads or archive extraction. This is low-risk and proportionate.
Credentials
ok · The skill requests no environment variables or secrets. Required config paths are local JSON/text resources. The script does not access environment variables or credentials. Proportional to purpose.
Persistence & Privilege
ok · always:false and no mechanism to persist or modify other skills or system-wide agent settings. The skill does not write files or store tokens; it only prints structured output to stdout.