ClawHub
Back to skill
v2.1.3

Multi Search Engine

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

This instruction-only skill is purpose-aligned for web search, but users should notice that it sends queries to many external search engines and temporarily handles search-engine cookies.

GuidanceThis appears safe for ordinary web-search assistance. Be aware that search terms are sent to external engines, avoid entering highly sensitive personal or confidential queries, and verify the package version because the metadata is not fully consistent.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Use web_fetch to execute search requests with rate limiting... Batch requests in groups of 3-4 engines... If access is denied (403/429), fetch engine homepage to obtain fresh session cookies

The skill instructs the agent to make automated requests to multiple search engines and retry with newly obtained session cookies. This is disclosed and aligned with search aggregation, but it can trigger provider blocks or terms-of-service issues if overused.

User impactYour query may be sent to several search providers, and repeated automated searching may be rate-limited or blocked.
RecommendationUse the skill for normal, user-directed searches; avoid sensitive queries and stop if a site denies or rate-limits access.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
metadata
Registry version: 2.1.3; _meta.json version: 2.0.1; metadata.json version: 2.1.0; Source: unknown; Homepage: none

The package is instruction-only and has no install script, but the source is not identified and version metadata is inconsistent across supplied artifacts.

User impactIt may be harder to verify package provenance or confirm exactly which release you are reviewing.
RecommendationBefore installing, confirm the publisher and intended version in ClawHub, especially if future releases add executable files or install steps.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityInfoConfidenceHighStatusNote
SKILL.md
Cookies are stored ONLY in memory during runtime... No cookies are read from or written to config.json or any file... Only session cookies from search engine domains are captured

The skill handles temporary search-engine session cookies. The artifacts explicitly bound them to runtime memory and search-engine domains, with no local browser cookie or credential access described.

User impactThe agent may temporarily reuse search-engine session cookies during a search session, but the artifacts do not show persistent storage or use of your personal login cookies.
RecommendationDo not provide personal account cookies or credentials to this skill; keep cookie use limited to transient search sessions as documented.