Google Search Unlimited V2
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent search-and-caching skill, but users should notice that it uses external search services, stores search queries locally, and relies on self-described safety/performance claims.
This skill looks purpose-aligned for web search, but install it in an isolated Python environment, be mindful that queries may go to external providers, avoid sensitive searches unless you manage the cache carefully, and treat the included approval/performance claims as marketing rather than a guarantee.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your search queries may be routed to external search services depending on availability and configuration.
The skill is designed to call multiple external search mechanisms and automatically fall back between them. This is expected for the stated purpose, but users should know searches may be sent to different providers.
DuckDuckGo, Brave Search ... Google API ... Lightweight HTTP ... Automatic failover
Use the skill only for queries you are comfortable sending to third-party search providers, and configure the method explicitly if provider choice matters.
If configured, the skill can use your Google Custom Search API quota.
The skill optionally uses Google Custom Search credentials. This is normal for Google API integration, and the provided artifacts do not show credential logging, hardcoding, or unrelated use.
GOOGLE_API_KEY=your_key GOOGLE_CSE_ID=your_cx
Use a restricted API key where possible and monitor quota usage.
Sensitive searches could remain on disk in the skill's cache and be visible to anyone with access to the local files.
The cache stores query text and method information in a local SQLite database, and helper scripts can display cached queries. This is disclosed and useful for caching, but it persists potentially sensitive search terms.
SELECT query_text, method, created_at FROM search_cache ORDER BY created_at DESC LIMIT 5;
Avoid searching highly sensitive terms, periodically clear the cache, and set conservative TTL/size values if privacy matters.
Future installs may receive different package versions than the author tested.
The skill depends on common Python packages, but the metadata does not pin versions. This is typical for small Python tools but gives less reproducible dependency provenance.
"packages": ["requests", "beautifulsoup4", "lxml"]
Install in a virtual environment and consider pinning dependency versions before production use.
Users may over-trust the skill based on promotional or self-attested claims.
The package includes self-generated approval and safety claims. They may be benign documentation, but they should not be treated as independent proof of security.
Status: ✅ APPROVED FOR PRODUCTION ... Aucune vulnérabilité de sécurité détectée
Rely on the actual reviewed behavior and your own testing rather than the included approval/marketing statements.