ClawHub

searxng-tool-for-openclaw

PassAudited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward SearXNG web-search plugin; the main things to notice are npm installation and search queries being sent to the configured SearXNG service.

This skill looks appropriate if you want OpenClaw to search through SearXNG. Before installing, make sure you trust the npm package and configure it to use a SearXNG instance you control or trust; do not use it to search for secrets, and treat returned web content as untrusted.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

Installing it will add code from npm into the OpenClaw environment.

Why it was flagged

The skill is installed through npm packages and creates binaries, which is normal for this OpenClaw plugin but means the user is trusting those package artifacts.

Skill content
[0] node | package: openclaw ... [1] node | package: searxng-tool-for-openclaw
Recommendation

Install only from the expected package/repository and use normal package-provenance checks before installing.

Low
#ASI02: Tool Misuse and Exploitation
What this means

Search terms the agent chooses may be sent to your configured SearXNG instance.

Why it was flagged

The agent tool sends search queries to the configured SearXNG service. This is the core purpose of the plugin and is bounded to SearXNG search requests.

Skill content
url.searchParams.set("q", query); ... const response = await fetch(url, { method: "GET"
Recommendation

Use a trusted SearXNG instance, preferably local or HTTPS if remote, and avoid asking the agent to search for secrets or private data.

Low
#ASI06: Memory and Context Poisoning
What this means

Web result text could contain misleading or prompt-like content that should not override the user's instructions.

Why it was flagged

The plugin returns web-result content, answers, suggestions, corrections, and infoboxes into the agent context. These are untrusted search results, which is expected for a search tool.

Skill content
content: typeof result.content === "string" ? result.content : undefined, ... answers: Array.isArray(payload.answers) ? payload.answers : []
Recommendation

Treat search results as untrusted reference material and verify important information before acting on it.