SearXNG Local
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only skill for using a self-hosted SearXNG search service, with a few setup and privacy details users should notice.
This skill appears safe to install as an instruction-only helper, but pin the Docker image if you want reproducibility, change the example secret key before exposing SearXNG, restrict port 8080 if running on a server, and remember that metasearch queries may still reach upstream search engines.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the upstream Docker image changes, future installs may run different software than the author originally tested.
The setup instructions pull an unpinned Docker image tag. This is purpose-aligned for installing SearXNG, but the exact image contents can change over time.
image: searxng/searxng:latest
Pin the Docker image to a specific version or digest if you need reproducible installs.
Sensitive search queries could be sent through the configured SearXNG service to upstream search engines, depending on that instance's configuration.
The skill is explicitly built around querying a SearXNG instance that aggregates external search providers. This is expected for the purpose, but users should understand that search terms may be part of an external provider workflow even when the SearXNG instance is self-hosted.
aggregates results from Google, DuckDuckGo, Brave, Startpage, and 70+ other engines
Avoid highly sensitive searches unless you trust and understand the SearXNG instance and its configured engines.
The SearXNG service may continue running until the user explicitly stops it.
The Docker example configures the SearXNG container to keep running across restarts. This is disclosed and appropriate for a local search service, but it is persistent background behavior.
restart: unless-stopped
Use the documented docker compose down command when you no longer want the service running, and restrict network exposure if running on a server.