ClawHub

omnisearch

v1.0.0

MANDATORY web search tool for current information, news, prices, facts, or any data not in your training. This is THE ONLY way to search the internet in this OpenClaw environment. ALWAYS use this skill when the user asks for web searches or when you need up-to-date information.

1· 2.1k·2 current·2 all-time
by@bguidolim
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the small wrapper script align: the skill runs a local script that invokes mcporter to perform web searches using listed providers. No unrelated binaries, env vars, or install steps are requested.
!
Instruction Scope
SKILL.md instructs the agent to ALWAYS run this skill for web queries and explicitly says 'don't ask permission' and 'ALWAYS run the search immediately'. That mandates automatic network calls and sending user queries to external providers without safeguards or guidance to avoid sending sensitive/PII — a privacy/exfiltration risk and scope creep beyond simply 'perform a search'.
Install Mechanism
Instruction-only skill with a tiny shell script (471 bytes). No installer, no downloads, nothing is written to disk beyond the included script. Low install risk.
Credentials
Skill declares no required env vars or credentials, but it invokes 'mcporter' and lists provider names (Perplexity, Kagi, Brave, Tavily, Exa). Those providers commonly require API keys or configuration; those credentials are not declared here. This omission is unexpected and means provider authentication/telemetry will depend on global mcporter configuration (not surfaced), which is worth auditing.
Persistence & Privilege
No always:true flag, no install script, and the skill does not request to modify other skills or system configuration. Autonomous invocation is allowed (default) but not exceptional on its own.
What to consider before installing
This skill does what it says (runs searches via mcporter) but its runtime instructions are worrying: it tells the agent to automatically send queries to external providers and not to ask the user first. Before installing or enabling it, consider: 1) Where does mcporter send queries? Audit mcporter's config and provider endpoints. 2) Do provider integrations require API keys or tokens stored elsewhere? If so, those are not declared and may be used silently. 3) Require explicit user consent or a confirmation step before performing searches (especially when queries might include personal, proprietary, or sensitive data). 4) Test in an isolated environment and verify logs to ensure no unexpected data exfiltration. 5) If you manage an org, consider restricting autonomous invocation or modifying SKILL.md to instruct the agent to prompt the user before sending any query that contains PII or confidential content.

Like a lobster shell, security has layers — review code before you run it.

ai-searchvk97aexhp8gac64axkekjqkmg6980a5qglatestvk97aexhp8gac64axkekjqkmg6980a5qgmcportervk97aexhp8gac64axkekjqkmg6980a5qgomnisearchvk97aexhp8gac64axkekjqkmg6980a5qgweb-searchvk97aexhp8gac64axkekjqkmg6980a5qg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments