Multi Search Engine
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is purpose-aligned for web search, but users should notice that it sends queries to many external search engines and temporarily handles search-engine cookies.
This appears safe for ordinary web-search assistance. Be aware that search terms are sent to external engines, avoid entering highly sensitive personal or confidential queries, and verify the package version because the metadata is not fully consistent.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your query may be sent to several search providers, and repeated automated searching may be rate-limited or blocked.
The skill instructs the agent to make automated requests to multiple search engines and retry with newly obtained session cookies. This is disclosed and aligned with search aggregation, but it can trigger provider blocks or terms-of-service issues if overused.
Use web_fetch to execute search requests with rate limiting... Batch requests in groups of 3-4 engines... If access is denied (403/429), fetch engine homepage to obtain fresh session cookies
Use the skill for normal, user-directed searches; avoid sensitive queries and stop if a site denies or rate-limits access.
The agent may temporarily reuse search-engine session cookies during a search session, but the artifacts do not show persistent storage or use of your personal login cookies.
The skill handles temporary search-engine session cookies. The artifacts explicitly bound them to runtime memory and search-engine domains, with no local browser cookie or credential access described.
Cookies are stored ONLY in memory during runtime... No cookies are read from or written to config.json or any file... Only session cookies from search engine domains are captured
Do not provide personal account cookies or credentials to this skill; keep cookie use limited to transient search sessions as documented.
It may be harder to verify package provenance or confirm exactly which release you are reviewing.
The package is instruction-only and has no install script, but the source is not identified and version metadata is inconsistent across supplied artifacts.
Registry version: 2.1.3; _meta.json version: 2.0.1; metadata.json version: 2.1.0; Source: unknown; Homepage: none
Before installing, confirm the publisher and intended version in ClawHub, especially if future releases add executable files or install steps.