multi-search-engine
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only search helper that appears purpose-aligned, with minor notes about third-party search queries, dual-use search examples, and inconsistent package metadata.
This skill appears safe to use as a search shortcut, but treat it like any public web search: do not search for secrets or confidential information, use advanced operators only for authorized purposes, and verify the publisher/version because the provided metadata is inconsistent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive search terms could be shared with external search providers if the user asks the agent to search for them.
The skill instructs the agent to send search queries to third-party search engines. This is expected for a search integration, but query contents may leave the user's environment.
web_fetch({"url": "https://www.google.com/search?q=python+tutorial"})Use this skill for non-sensitive queries, and avoid sending secrets, personal data, or confidential business information to public search engines.
If misused, the agent could help perform unauthorized reconnaissance using public search engines.
The reference documentation includes advanced search examples that can be used to locate login pages or exposed password-like text. They are presented as search-operator examples, not as hidden or automatic actions.
`inurl:` | URL包含 | `inurl:login admin` ... `intext:` | 正文包含 | `intext:password filetype:txt`
Use advanced search operators only for legitimate, authorized research and avoid prompts that seek credentials, exposed secrets, or unauthorized access targets.
The package identity may be confusing, making it harder to confirm that this is the intended skill version and publisher.
These internal package fields differ from the registry metadata shown for this review, which lists a different owner ID, slug, and version. There is no executable code, but the provenance is somewhat inconsistent.
"ownerId": "kn79j8kk7fb9w10jh83803j7f180a44m", "slug": "multi-search-engine", "version": "2.0.1"
Before installing, verify that the registry listing, owner, slug, and version match the skill you intended to use.