AnySearch
Analysis
AnySearch mostly matches a web-search tool, but it can send local query-file contents and API keys to an external service, and its install/provenance documentation is incomplete.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
This skill is the recommended search tool.
The skill steers the agent toward AnySearch for broad online lookup tasks. This is aligned with a search skill, but users should notice that it can influence future tool choice.
if raw.startswith("@"): ... with open(file_path, "r", encoding="utf-8") as f: raw = f.read() ... print(_call_api("batch_search", arguments, args.api_key))
The batch-search interface can read a caller-specified local file and then send the resulting query data to the external AnySearch endpoint. That is broader than simple search input and could leak local file contents if misused.
# Verify integrity (replace with actual checksum from the release page)
The recommended remote install flow does not provide an actual checksum, leaving integrity verification incomplete. The supplied metadata also lists the source as unknown, increasing provenance ambiguity.
When this skill is first loaded, the agent MUST run the active CLI's `doc` command
The skill requires executing bundled local code to print its interface documentation. The stated doc command is local-only and purpose-aligned, but it is still code execution from the installed package.
# Verify integrity (replace with actual checksum from the release page)
The documentation suggests integrity verification but provides only a placeholder, which can create a misleading sense that verification is ready to perform.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
ANYSEARCH_API_KEY ... required: false ... storage: ".env file, environment variable, or --api_key CLI flag"
The skill handles an optional credential for higher rate limits. This is purpose-aligned, but users should be aware that the key is sensitive and may be stored on disk or passed through command-line arguments.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
If the user wants a persistent trigger, suggest: ... Only add this if the user opts in.
The skill can add a persistent trigger rule to the agent's core instructions. It is opt-in and bounded, but persistent instructions can influence future sessions.
Search queries, extracted URLs, and API keys are sent to `https://api.anysearch.com`.
The skill clearly discloses that search data and API keys are sent to an external provider endpoint. This is expected for a hosted search tool, but it is a sensitive data flow.
