Naver Search

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: naver-search
Version: 1.0.4

The skill is designed to perform Naver searches via SerpAPI, which aligns with its stated purpose. It uses `SERPAPI_API_KEY` from environment variables or a `.env` file for its intended function. While storing API keys in a `.env` file can be a vulnerability if file permissions are not properly secured (as noted in `lib/naver_base.py`), the skill itself does not attempt to exfiltrate this key or any other sensitive data. The `scripts/naver_search.py` uses `subprocess.run` to execute other Python scripts within the same bundle, passing arguments as a list, which prevents shell injection from the query parameter. No evidence of prompt injection, obfuscation, or other malicious intent was found in any of the files, including `SKILL.md` and `README.md`.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your SerpAPI key may be used for searches and could affect your quota or billing if misused.

Why it was flagged

The skill requires a third-party API credential and allows storing it in a local .env file. This is expected for SerpAPI, but users should handle the key carefully, especially because registry metadata declares no credential requirement.

Skill content

This skill requires the **`SERPAPI_API_KEY`** environment variable. ... Enter the key in the `.env` file.

Recommendation

Use a scoped SerpAPI key if available, keep the .env file private, do not commit it to shared repositories, and verify the key is only used for intended searches.

What this means

A future or different dependency version could behave differently from the one the author tested.

Why it was flagged

The dependency is listed without a version pin or hash. Installing the latest package is common, but it gives less control over exactly which package version is executed.

Skill content

serpapi

Recommendation

Prefer a pinned version or lockfile for reproducible installs, and install dependencies from a trusted package index.