Local Websearch 1

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a simple SearXNG web-search wrapper with no malicious behavior found, though users should make sure they trust the configured search endpoint and note minor packaging inconsistencies.

This skill appears safe for its stated purpose. Use it only with a trusted SearXNG endpoint, avoid putting sensitive personal data in search queries, and confirm the packaged command path and SEARXNG_URL setup are correct before relying on it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your search terms will be visible to the SearXNG instance you configure, and potentially to whatever upstream engines that instance uses.

Why it was flagged

The tool sends the search query to the configured SearXNG server. This is purpose-aligned and disclosed, but users should understand that queries leave the local agent and go to the configured endpoint.

Skill content

url = f"{base_url}/search?{urllib.parse.urlencode(params)}" ... urllib.request.urlopen(req, timeout=30)

Recommendation

Set SEARXNG_URL only to a SearXNG instance you trust, preferably one you operate or that has acceptable privacy controls.

What this means

The skill may fail to run as packaged or may not prompt users for the needed environment variable and Python binary.

Why it was flagged

The declared command points to scripts/searxng_search.py, but the supplied manifest lists searxng_search.py at the package root. SKILL.md also declares python3 and SEARXNG_URL while registry requirements list none. These are packaging/setup inconsistencies rather than evidence of malicious behavior.

Skill content

command: python3 {baseDir}/scripts/searxng_search.py

Recommendation

Before installing, verify the command path is corrected and ensure python3 is available and SEARXNG_URL is set.