SearXNG Self-Hosted Search

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent, instruction-only SearXNG search skill with a few setup details users should review, such as the persistent Docker service, network exposure, and the unpinned container image.

This skill appears safe and purpose-aligned as an instruction-only guide. Before using the Docker setup, consider pinning the SearXNG image version, binding the service to localhost if it should not be network-accessible, and remembering that your searches go through the configured SearXNG instance and its upstream search providers.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future container update could change behavior or introduce a vulnerability even though this is a normal way to install SearXNG.

Why it was flagged

The setup pulls an external Docker image using the moving `latest` tag, so future installs may run a different image than the one the user expected.

Skill content

image: searxng/searxng:latest

Recommendation

Pin the Docker image to a specific trusted version or digest, and update intentionally after review.

What this means

Other devices may be able to reach the SearXNG instance if the host is on an accessible network.

Why it was flagged

The example exposes the SearXNG service on port 8080 and configures it to listen on all interfaces, which may make the search API reachable beyond the local machine depending on the host network and firewall.

Skill content

ports:
  - "8080:8080"
...
bind_address: "0.0.0.0"

Recommendation

For local-only use, bind Docker to localhost, for example `127.0.0.1:8080:8080`, or protect the service with firewall rules, authentication, or a secured reverse proxy.

What this means

The SearXNG container can keep running after the initial setup until the user stops or disables it.

Why it was flagged

The setup runs SearXNG as a detached service and configures it to restart automatically. This is expected for a self-hosted service, but it is persistent background behavior.

Skill content

restart: unless-stopped
...
docker compose up -d

Recommendation

Only run the persistent container if you want an always-available search service, and use `docker compose down` or change the restart policy when it is no longer needed.

What this means

Search terms may be visible to the SearXNG host and may be forwarded as part of metasearch operation.

Why it was flagged

The privacy wording is broadly aligned with self-hosting, but the same instructions allow using a server, so users should not interpret this as a guarantee that searches never leave their device.

Skill content

SearXNG running locally or on a server.
...
Self-hosted: Your data stays on your machine

Recommendation

Use a SearXNG instance you control and avoid sending highly sensitive queries unless you understand how that instance is configured and where it sends requests.