v0.1.1

Advanced Searxng Search Skill

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:06 AM.

Analysis

The skill appears to be a coherent SearXNG search client, with ordinary privacy and provenance considerations before use.

Guidance: This appears safe for its intended purpose if you trust the SearXNG instance you configure. Before installing, verify the source/package because the repository and package metadata are inconsistent, and avoid sending sensitive queries to remote instances.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
README.md
pip install searxng-skill # Not yet ready

The README indicates the pip package may not be ready, while other packaging files and SKILL metadata still reference pip/local installation. This is a provenance and packaging consistency issue rather than evidence of malicious behavior.

User impact: Installing from the wrong package or source could result in unexpected code being installed.
Recommendation: Verify the package source, repository URL, and version before installing; prefer the reviewed local source if you choose to use it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
searxng_skill/core.py
return self.session.get(url, params=params, timeout=timeout, verify=self.config.verify_ssl)

Search parameters, including the user's query, are sent to the configured SearXNG instance. This is expected for the skill, but remote instances can observe submitted queries.

User impact: If you configure a remote SearXNG server, that server may see your search terms and request metadata.
Recommendation: Use a trusted or local SearXNG instance for sensitive searches, keep SSL verification enabled for HTTPS endpoints, and avoid sending private data in search queries.

Memory and Context Poisoning
Severity: Info | Confidence: Medium | Status: Note
searxng_skill/core.py
content=result.get("content", "")

The skill returns external search result snippets as structured content. This is core functionality, but those snippets are untrusted web-derived text.

User impact: Search results could contain misleading or prompt-like text that an agent should not treat as authoritative instructions.
Recommendation: Treat returned search result titles, snippets, and metadata as untrusted information and verify important claims before acting on them.