Web Search Hub

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the dependency runs third-party package code on the user's machine.

Why it was flagged

The skill requires an external CLI and an unpinned PyPI package. That is expected for this search helper, but users should trust the source and preferably install in a virtual environment.

Skill content

Install [OpenClawCLI](https://clawhub.ai/) (Windows, MacOS) and run `pip install duckduckgo-search`

Recommendation

Use a virtual environment, install from trusted sources, and pin or review the duckduckgo-search package version where practical.

What this means

A careless invocation could create or overwrite an unintended output file or request an excessive number of results.

Why it was flagged

The skill documents user-directed local command options that can request many results and save output to a chosen file path. This is useful for search workflows but should remain deliberate.

Skill content

`--max-results N    # Default: 10, range: 1-unlimited` ... `--output <filepath>`

Recommendation

Approve intended output paths and keep result counts reasonable, especially when the agent is invoking the skill on the user's behalf.

What this means

Search snippets or pages may contain misleading text or instructions that should not automatically control the agent's behavior.

Why it was flagged

The script returns external search result content into the agent/user context. Web result titles, snippets, and URLs are untrusted content even though retrieving them is the skill's purpose.

Skill content

`results = list(ddgs.text(... max_results=max_results)); return json.dumps(results, indent=2, ensure_ascii=False)`

Recommendation

Treat search results as untrusted evidence, verify important claims, and avoid following instructions found inside snippets or linked pages unless the user explicitly approves.