Google Search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a straightforward Google search API instruction skill that uses AceDataCloud; users should notice it requires an API token and sends queries to an external provider.
This skill appears purpose-aligned and benign. Before using it, make sure you are comfortable sending search queries to AceDataCloud, protect the ACEDATACLOUD_API_TOKEN, and verify the optional MCP package or hosted endpoint if you choose to enable tool integration.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume or bill against the user's AceDataCloud account, and the token should be protected like any API credential.
The skill requires a provider API token for authenticated AceDataCloud access. This is expected for the service, but users should notice it because the registry requirements list no required environment variables or primary credential.
compatibility: Requires ACEDATACLOUD_API_TOKEN environment variable.
Set the token only in trusted environments, avoid exposing it in shared logs or prompts, and verify the token scope and billing behavior with AceDataCloud.
If the user enables the optional MCP integration, they are trusting the package publisher or hosted MCP service in addition to the instruction-only skill.
The optional MCP setup introduces an external package and hosted endpoint that are not pinned or otherwise described by an install spec. This is user-directed and purpose-aligned, but it is additional provenance users should verify.
pip install mcp-serp Or hosted: `https://serp.mcp.acedata.cloud/mcp`
Verify the mcp-serp package source, consider pinning a known version, and review MCP permissions before connecting it to an agent.
Search terms and related request parameters can leave the local environment and be processed by a third-party provider.
Search queries are sent to AceDataCloud's external API. That data flow is central to the skill's purpose, but queries may contain sensitive terms if users or agents include them.
curl -X POST https://api.acedata.cloud/serp/google ... -d '{"query": "latest AI news", "search_type": "search"}'Avoid sending secrets, private customer data, or confidential internal topics as search queries unless that use is allowed by policy.