Web Search

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill does what it claims: it performs DuckDuckGo web searches. The two points worth noting are an unpinned Python dependency and the fact that every search query is sent to DuckDuckGo.

This appears appropriate for ordinary web search use. Before installing, be aware that the skill depends on an unpinned Python package, so the version you get is whatever PyPI serves at install time, and that your search terms leave the host and are sent to DuckDuckGo; avoid entering secrets or highly sensitive private information as queries.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

0/64 vendors flagged this skill; all 64 reported it as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities (severity: Low)
What this means

Installing the skill means trusting whatever the current PyPI release of duckduckgo-search is at install time, together with its transitive dependencies.

Why it was flagged

The skill installs a third-party PyPI package with no version pin and no lockfile. The package is central to the stated search function, so the dependency itself is expected; the point is that an unpinned install resolves to a different artifact every time the package publishes a release, which users should recognize as a supply-chain dependency they are taking on.

Skill content
pip install duckduckgo-search
Recommendation

Install from a trusted Python environment, and for controlled or production use pin the package to a reviewed version (and, where the environment supports it, to its expected hashes, for example via a requirements file installed with pip's --require-hashes) rather than installing the bare package name.
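The distinction the finding rests on (a bare name versus a range, an exact pin, or a hash-locked line) is easy to check mechanically. The following is an added example, not ClawScan's or the skill's own code: it scans the text of an install spec for pip install commands and requirements-style lines and classifies every requirement. The sample spec at the bottom is constructed, and the version numbers and hash in it are placeholders, not real releases of duckduckgo-search.

```python
"""Dependency-pin audit for install commands found in a skill's install spec.

Added example (not ClawScan's or the skill's code). Classifies each
requirement in `pip install ...` commands and requirements-style lines as
unpinned, constrained (a version range), pinned (exact version) or
hash-locked. Sample input is constructed; versions and hashes are placeholders.
"""
import re
import shlex
from dataclasses import dataclass

# `pip install ...`, `pip3 install ...`, `python -m pip install ...`
_INSTALL_RE = re.compile(r"^(?:python3?\s+-m\s+)?pip3?\s+install\b(?P<args>.*)$")
# name[extras] followed by whatever specifier text remains
_REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?P<spec>.*)$")
# A bare requirements-style line must carry an operator or a --hash;
# a lone word on a line is prose, not a requirement.
_REQ_LINE_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?\s*(?:(?:===?|~=|!=|<=|>=|<|>)|--hash=)"
)
_EXACT_RE = re.compile(r"===?\s*(?P<ver>[0-9][0-9A-Za-z.!+*-]*)")
_RANGE_OPS = ("~=", "!=", "<=", ">=", "<", ">", "==")
# pip options that consume the following token as their value
_VALUED_OPTS = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
                "--extra-index-url", "-f", "--find-links", "-e", "--editable"}


@dataclass
class Finding:
    package: str
    status: str    # unpinned | constrained | pinned | hash-locked | direct-reference
    severity: str  # Low | Info | None, mirroring the scanner's scale
    source: str    # the line the requirement came from


def classify_requirement(req: str, hash_count: int, source: str) -> Finding:
    # URLs and local paths are direct references; version logic does not apply.
    if "://" in req or req.startswith((".", "/")):
        return Finding(req, "direct-reference", "Info", source)
    m = _REQ_RE.match(req)
    if not m:
        return Finding(req, "direct-reference", "Info", source)
    name = m.group("name")
    spec = m.group("spec").split(";", 1)[0].strip()   # drop environment markers
    exact = _EXACT_RE.search(spec)
    if exact and "*" not in exact.group("ver"):       # ==1.2.* is a range, not a pin
        if hash_count:
            return Finding(name, "hash-locked", "None", source)
        return Finding(name, "pinned", "Info", source)
    if any(op in spec for op in _RANGE_OPS):
        return Finding(name, "constrained", "Low", source)
    return Finding(name, "unpinned", "Low", source)


def audit_install_spec(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()   # requirements-style comments
        if not line:
            continue
        m = _INSTALL_RE.match(line)
        if m:
            args = m.group("args")
        elif _REQ_LINE_RE.match(line):
            args = line
        else:
            continue   # prose, headings, unrelated commands
        tokens = shlex.split(args)
        hash_count = sum(t.startswith("--hash=") for t in tokens)
        skip = False
        for tok in tokens:
            if skip:
                skip = False
                continue
            if tok.startswith("-"):
                skip = tok in _VALUED_OPTS
                continue
            findings.append(classify_requirement(tok, hash_count, line))
    return findings


# Constructed sample spec; the versions and the hash are placeholders.
SAMPLE_SPEC = """\
# install steps as they might appear in a SKILL.md
pip install duckduckgo-search
pip install -U 'requests>=2,<3'
pip install duckduckgo-search==1.2.3
duckduckgo-search==1.2.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for f in audit_install_spec(SAMPLE_SPEC):
        print(f"{f.severity:<5} {f.status:<16} {f.package:<20} <- {f.source}")
```

Only the hash-locked form gives a reproducible artifact; an exact `==` pin still trusts the index to serve the same bytes for that version, which is why the classifier keeps the two apart.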

ASI07: Insecure Inter-Agent Communication (severity: Info)
What this means

Search terms may reveal interests, research topics, or sensitive subjects to the external search service or network path.

Why it was flagged

The script passes the user's query to the DuckDuckGo search client. This is expected for a web search tool, but it means search terms are shared with an external provider.

Skill content
results = list(ddgs.text(
    keywords=query,
    region=self.region,
    safesearch=self.safe_search,
Recommendation

Avoid using confidential secrets, private personal data, or sensitive internal information as search queries unless sharing them with the external search provider is acceptable. In agentic use the query is often composed by the model from conversation context rather than typed by you, so material from that context can end up in what is sent.
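One way to enforce that recommendation before a query leaves the host is a pre-flight screen in front of the search call. The following is an added example, not ClawScan's or the skill's own code: it checks a query against a few publicly documented fixed-format credential shapes, a PEM private-key header, and a high-entropy-token heuristic, then either blocks the query or forwards a redacted copy. The search client is an injectable callable, and the stub at the bottom stands in for the DuckDuckGo client so the example runs offline; the AWS key in the demo is AWS's published example value, and the other test strings are constructed.

```python
"""Pre-flight guard for queries sent to an external search provider.

Added example (not ClawScan's or the skill's code). Screens a query for
secret-shaped material before it is handed to the search client, then
blocks it or forwards a redacted copy. Pattern prefixes are the publicly
documented ones; lengths are approximate, so this is a heuristic, not a
complete secret detector.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable

SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b"),
    "bearer_header": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
}
# Opaque runs of token-like characters; dots excluded on purpose so that
# hostnames and URLs split into short pieces instead of being flagged.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
HEX_RE = re.compile(r"[0-9a-fA-F]+")
ENTROPY_BITS_PER_CHAR = 4.0   # random base64-ish tokens sit well above this


class QueryRejected(ValueError):
    """Raised when a query contains secret-like material and policy is block."""


@dataclass
class Screening:
    hits: list[str] = field(default_factory=list)   # names of the checks that fired
    redacted: str = ""                              # query with matches masked


def shannon_entropy(s: str) -> float:
    n = len(s)
    if not n:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def screen_query(query: str) -> Screening:
    hits, redacted = [], query
    for name, rx in SECRET_PATTERNS.items():
        if rx.search(redacted):
            hits.append(name)
            redacted = rx.sub(f"[REDACTED:{name}]", redacted)
    # High-entropy tokens, but leave pure hex alone: looking up a file hash
    # is a routine, legitimate query and would be a constant false positive.
    for tok in TOKEN_RE.findall(redacted):
        if HEX_RE.fullmatch(tok) or shannon_entropy(tok) < ENTROPY_BITS_PER_CHAR:
            continue
        hits.append("high_entropy_token")
        redacted = redacted.replace(tok, "[REDACTED:token]")
    return Screening(hits, redacted)


def guarded_search(query: str, run_search: Callable[[str], list],
                   policy: str = "block") -> list:
    """Run `run_search` only on a clean (or, under policy="redact", masked) query.

    A private-key block is never forwarded even when redaction is allowed,
    since nothing useful remains of such a query once it is masked.
    """
    s = screen_query(query)
    if not s.hits:
        return run_search(query)
    if policy == "redact" and "private_key_block" not in s.hits:
        return run_search(s.redacted)
    raise QueryRejected(f"query contains secret-like material: {', '.join(s.hits)}")


def _stub_search(q: str) -> list:
    # Stands in for the DuckDuckGo client so the example runs offline (constructed).
    return [{"query_sent": q}]


if __name__ == "__main__":
    print(guarded_search("duckduckgo-search python rate limit", _stub_search))
    # AWS's published example access key ID, not a live credential.
    print(guarded_search("AKIAIOSFODNN7EXAMPLE leaked in logs, what to do",
                         _stub_search, policy="redact"))
```

The guard sits between the agent and `ddgs.text`, so it also catches queries the model composed from context rather than ones the user typed. The entropy check is deliberately conservative: hex digests pass through because hash lookups are common security searches, and the threshold is set so that ordinary words and identifiers stay well below it.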