web-search

Review

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a legitimate browser-based web search skill, but it sends search terms to external providers and uses stealth/no-sandbox browser automation plus npm/browser downloads.

Before installing, verify the npm/Playwright dependencies, avoid sensitive search terms, and consider running the browser in a constrained environment or removing no-sandbox flags if not required. There is no artifact evidence of credential use, persistence, destructive actions, or unrelated data access.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Searches may be rate-limited, blocked, or conflict with website automation policies.

Why it was flagged

The skill configures browser automation with a stealth plugin intended to bypass anti-crawler detection. This aligns with the search-scraping purpose, but users should understand how it interacts with site bot defenses.

Skill content
// Register the Stealth plugin to bypass anti-crawler detection
chromium.use(stealthPlugin());
Recommendation

Use the skill only where automated searching is permitted, keep search volume reasonable, and prefer official APIs when available.

What this means

A browser security issue would have less isolation than it normally would.

Why it was flagged

The script disables Chromium sandboxing while loading external web pages. Rendering web content is expected for this skill, but disabling the browser sandbox reduces containment if a browser exploit is encountered.

Skill content
args: ['--no-sandbox', '--disable-setuid-sandbox']
Recommendation

Run the skill in a constrained environment if possible, and remove the no-sandbox flags unless they are required by the local runtime.

What this means

Installing dependencies can introduce third-party code onto the local machine.

Why it was flagged

Setup requires downloading npm packages and a Chromium browser binary. This is expected for Playwright-based search, but package and browser binary provenance still matters.

Skill content
npm install playwright
npx playwright install chromium
Recommendation

Install from trusted registries, use the provided lockfile where possible, and keep Playwright/Chromium updated.

What this means

Sensitive or private search terms may be visible to external search providers.

Why it was flagged

The skill sends the user-provided keyword to multiple external search providers, including an automatic Quark fallback. This is disclosed and central to the purpose, but it means queries leave the local environment.

Skill content
Fetch search results from Google and Bing at the same time...if Google access fails, automatically use Quark AI search instead
Recommendation

Avoid searching for secrets, private personal data, or confidential business terms unless you are comfortable sharing them with the selected search engines.