Duckse
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent web-search skill, with the main caution that its setup instructions use an unpinned remote GitHub install script.
This skill appears safe for normal web searching if you trust the duckse CLI. Before installing, review the GitHub install script or use a pinned/package-managed installation, and avoid sending private or sensitive queries to external search providers.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs this installer, they execute remote code from the referenced GitHub repository on their machine.
The skill suggests installing the required CLI by piping an unpinned script from the GitHub main branch directly into a shell. This is a common setup pattern, but the installer code is not included in the artifact set and could change over time.
curl -sSL https://raw.githubusercontent.com/dwirx/duckse/main/scripts/install.sh | bash
Inspect the install script before running it, prefer a pinned release or package-manager installation if available, and install in a limited or isolated environment when possible.