SearXNG Metasearch

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent instruction-only guide for using SearXNG, with some disclosed setup choices users should secure before exposing it beyond their own machine.

This skill is reasonable for setting up and using SearXNG. Before installing the Docker example, consider pinning the image version, changing the placeholder secret key, and restricting port 8080 to localhost or trusted networks unless you intentionally want to host a public service.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A later Docker image update could change behavior or introduce bugs compared with the version the user expected.

Why it was flagged

The Docker setup uses an unpinned image tag, so future installs may pull a different image version than the one originally reviewed.

Skill content

image: searxng/searxng:latest

Recommendation

Pin the Docker image to a specific version or digest if reproducibility matters.

What this means

Other devices on the network, or possibly the internet if hosted publicly, may be able to reach the SearXNG instance.

Why it was flagged

The example configuration can make the SearXNG service listen beyond localhost depending on Docker and host firewall settings.

Skill content

ports:
  - "8080:8080"
...
bind_address: "0.0.0.0"

Recommendation

Bind to localhost or restrict access with firewall/reverse-proxy authentication unless public access is intentional.

What this means

The service may continue running across restarts until the user explicitly stops it.

Why it was flagged

The Docker Compose example configures the SearXNG container as a persistent background service.

Skill content

restart: unless-stopped

Recommendation

Use the provided stop command when no longer needed, and remove the container/configuration if you do not want a persistent search service.

What this means

Sensitive search terms may be visible to the SearXNG server operator and potentially to upstream search providers.

Why it was flagged

Search queries are handled by the configured SearXNG instance and may be relayed to upstream search engines; this is expected for a metasearch tool but relevant for sensitive queries.

Skill content

aggregates results from Google, DuckDuckGo, Brave, Startpage, and 70+ other engines

Recommendation

Use a trusted SearXNG instance and avoid highly sensitive searches unless you understand how your instance is configured.