Skill v2.0.0
ClawScan security
curl-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 11:38 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (curl-based web searches); there are no surprising credential or install requests, but the implementation has a few correctness/security caveats you should review before use.
- Guidance: This skill appears to do what it says (fetch search results with curl). Before installing or running it: 1) review and test the script in a safe/sandboxed environment; the sanitize implementation may not work on all systems (the sed Unicode syntax is non-portable) and the way the query is inlined into the python -c call is fragile. Recommend changing the python invocation to accept the query as an argv (e.g., `python3 -c 'import sys,urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' -- "$input"`) to avoid shell interpolation issues; 2) be aware your queries are sent to external search engines (privacy/exfiltration risk) and scraping may trigger anti-bot measures; 3) if you rely on this in production, consider hardening input handling or using official search APIs and rate-limiting. If you want, I can suggest specific, safer code changes for the sanitize and encode functions.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md requirements (curl, python3), and the included scripts align: the skill fetches search engine pages with curl and processes results locally. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md and scripts stay within the stated scope (perform web searches and return textual snippets). However, the provided sanitization and encoding have implementation weaknesses: the sed expression uses `\x{4e00}-\x{9fff}` (Unicode escape syntax that many sed variants do not support), and the script embeds the sanitized query directly inside a `python -c` string for URL encoding rather than passing it as an argument. If sanitization fails (or on different sed implementations), this could allow unexpected characters to reach the shell/python invocation. The script also performs network requests to third-party search engines (expected for this skill).
- Install Mechanism (ok): No install spec (instruction-only); it relies only on standard system binaries (curl, python3). This is low-risk from an installation perspective because nothing is downloaded or executed during install.
- Credentials (ok): No required secrets or credentials. Optional env vars (SEARCH_ENGINE, MAX_RESULTS) are reasonable and proportional to the skill's function.
- Persistence & Privilege (ok): The skill is not always-enabled and doesn't request elevated or persistent system-wide configuration. It does not attempt to modify other skills or agent settings.
