Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SearXNG (XiaoDing)

v1.0.5

Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news, and more without external API dependencies.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (local SearXNG search) aligns with the included Python CLI code, which queries a SEARXNG_URL. However, there are inconsistencies: the registry metadata lists no required env vars, while SKILL.md and the code require SEARXNG_URL; the repo contains a run-searxng.sh that expects and runs Docker, but the skill's declared required binaries list only python3 (Docker is not declared). These omissions are disproportionate to the stated lightweight CLI purpose and should be clarified.
Instruction Scope
SKILL.md instructs running the Python script against a local SearXNG API and setting SEARXNG_URL, which is in scope. However, the included helper script (run-searxng.sh) writes a config file and launches a Docker container (searxng/searxng:latest) with host networking and restart enabled; the README also suggests running Docker. Those actions are outside a minimal 'search' CLI's scope and affect the host (create a config dir, run a container). The runtime instructions do not attempt to read unrelated host files or export data to unexpected endpoints.
Install Mechanism
There is no formal install spec (instruction-only), which lowers risk, but the provided run-searxng.sh performs a docker pull/run of searxng/searxng:latest and writes config/settings.yml. Pulling an image from Docker Hub is common, but the script uses the image's latest tag (less reproducible) and runs the container with --network host and --restart always. The script assumes Docker is present, yet Docker is not declared as a required binary. This install/run approach is higher-privilege than a pure CLI and should be reviewed before execution.
Credentials
The skill expects SEARXNG_URL (declared in SKILL.md metadata), which is appropriate for targeting a local instance. No API keys/credentials are requested, which matches the stated 'no external API deps' design. Caveats: the Python code disables TLS certificate verification (verify=False) to accommodate self-signed certs; this weakens TLS protections and could expose queries to MitM on untrusted networks. config/settings.yml enables the Bing engine without declaring any Bing credentials (the user should confirm whether Bing use requires credentials or causes outbound requests to third parties).
Persistence & Privilege
The run-searxng.sh script launches a Docker container with --restart always and --network host, which gives the container a persistent presence and network access equivalent to a process on the host. The skill's registry flags do not mark it as always:true, but the provided script nonetheless configures a persistent service. This is a notable privilege increase compared to a simple CLI and should be explicitly acknowledged by users before running the script.
What to consider before installing
This skill appears to implement exactly what it claims (a CLI that queries a SearXNG JSON API), but review these points before installing or running any helper scripts:

- SEARXNG_URL: You must set SEARXNG_URL to point to your SearXNG instance (SKILL.md requires it). The registry metadata omits this; don't assume the skill will work without that environment variable.
- Docker vs Python: The CLI requires python3 and Python deps (httpx, rich). The repository includes run-searxng.sh, which launches a Docker container (searxng/searxng:latest). If you plan to use that script, ensure Docker is installed and you understand the implications; Docker is not declared as a required binary in the skill metadata (inconsistency).
- Review run-searxng.sh: The script writes config/settings.yml and runs the container with --network host and --restart always. Host networking grants the container broad network access on the host, and --restart always makes it persist across reboots. Only run it if you trust the Docker image and you want an always-on local service.
- Image provenance: The script pulls searxng/searxng:latest from Docker Hub. Prefer pinned versions/tags for reproducibility and inspect the image provenance if you have stricter security needs.
- TLS risk: The Python client disables SSL verification (verify=False) to accept self-signed certs. If you are not using a local trusted instance or are on an untrusted network, this could expose queries to interception. Consider editing the script to enable verification (verify=True) and using a valid cert.
- Bing engine / external calls: config/settings.yml enables the Bing engine. Confirm whether your SearXNG setup will make outbound requests to third-party services and whether any API keys are required; this can affect privacy goals.
- Simple mitigation steps: (1) inspect scripts before running; (2) run the CLI pointing at an already-running trusted SearXNG instance rather than executing run-searxng.sh; (3) if you need to run the container, change the Docker command to a fixed image tag, review container capabilities, and avoid host networking if possible.

Given the above mismatches (undeclared Docker dependency, a helper that creates a persistent host-network container, and disabled SSL verification), treat the package as suspicious until you confirm these behaviors are intentional and acceptable for your environment.




Runtime requirements

Clawdis
Bins: python3
