Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Multi-engine fully automatic search aggregator
v1.0.3 Automatically invokes all installed search skills to retrieve in parallel, deduplicates and cross-validates the results, then integrates and ranks them to provide the most comprehensive, accurate and real-time search results.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (multi-engine aggregator) matches the code: it discovers search-related skills and invokes them to aggregate results. However SKILL.md refers to Unix-like ~/.openclaw paths while run.py uses hardcoded Windows paths (C:\Users\86195\.openclaw\...), which is an inconsistency. The code also depends on curl.exe for direct Bing fallback even though the registry metadata lists no external binary requirements.
Instruction Scope
The script scans local skill directories and launches each discovered skill as a subprocess, passing the user query and relying on a shared TEMP file (mes_result.json) for child-to-parent communication. This means the aggregator will execute arbitrary installed skill code with the agent user's privileges and will write/read plaintext query files in a shared temp location. The instructions/code also perform direct network requests (Bing via curl) as a fallback. These behaviors can expose sensitive queries to child scripts, other users/processes on the machine (via temp files), or external endpoints.
Install Mechanism
There is no install spec (instruction-only with bundled run.py). That minimizes supply-chain install risk; nothing is downloaded or extracted at install time. However the packaged run.py itself contains the execution logic, so the code shipped with the skill is what will run.
Credentials
The skill declares no required environment variables or credentials, which aligns with its local-aggregation purpose. It does, however, rely implicitly on the system TEMP directory (os.environ.get('TEMP')) and on the presence of curl.exe — neither of which is declared. The script also assumes the ability to read ~/.openclaw/skills (or the Windows equivalent) and execute scripts found there; that is expected for aggregating installed skills but grants broad local access.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does spawn unbounded parallel workers in practice (ThreadPoolExecutor with max_workers=len(skills)), which could be large and cause resource exhaustion. It also uses a global temp file name for inter-process communication, creating possible race/symlink attacks or data leakage; but it does not attempt to modify other skills' configurations or request permanent platform privileges.
What to consider before installing
Before installing, consider these risks and mitigations:
- The aggregator will execute any 'search' skill found in your local skills directories with your user privileges. Audit the installed search skills first — a malicious or compromised skill can read files, network, and exfiltrate queries.
- The tool writes the query and reads results via shared TEMP files (mes_in.json / mes_result.json). Queries are stored in plaintext in the system temp directory and could be read by other local users/processes; child scripts may also write unexpected data. Prefer running in an isolated account or VM if queries are sensitive.
- The code contains inconsistent path assumptions (hardcoded Windows user path vs SKILL.md's ~/ paths) and an implicit dependency on curl.exe; it may fail or behave unexpectedly on non-Windows systems.
- Parallelism uses one worker per discovered skill; if you have many skills this may exhaust resources. The use of a single global temp filename introduces race conditions and possible tampering.
Recommendations: only install if you (a) inspect and trust the local search skills that will be invoked, (b) are comfortable with queries being written to the system temp directory, and (c) can run the aggregator in an isolated environment. If you plan to use it, modify the code to use per-process temp files (securely created), limit concurrency, and avoid hardcoded user paths or undocumented external binary requirements.
Like a lobster shell, security has layers — review code before you run it.
