Web Search Instant
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward DuckDuckGo instant-answer search skill, with the main things to notice being that search queries go to DuckDuckGo and local tool dependencies are under-declared.
This skill looks suitable for quick public web facts and definitions. Before installing, be aware that queries are sent to DuckDuckGo, avoid searching for secrets or private data, and make sure curl or wget is available even though the registry metadata does not declare those dependencies.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the agent searches for may be shared with DuckDuckGo as part of the API request.
The script sends the user’s search query to DuckDuckGo’s API. This is disclosed and purpose-aligned, but search terms may contain private or sensitive information.
API_BASE="https://api.duckduckgo.com" ... RESPONSE=$(curl -sL --max-time 10 "$API_URL")
Avoid putting secrets or private personal data into search queries, and consider adding explicit metadata that declares external network/API use.
The skill may fail unless curl or wget is available, and users may need to install optional parsing tools manually.
The runnable script depends on local binaries, while the registry metadata declares no required binaries. This can cause installation/runtime confusion but does not show hidden or malicious behavior.
if command -v curl &> /dev/null; then ... elif command -v wget &> /dev/null; then ... else ... "Error: Neither curl nor wget is installed"
Declare curl or wget as required dependencies and document jq/python3 as optional or fallback dependencies in metadata.