ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kimi Websearch

v1.0.9

联网搜索工具。Use When (1)用户需要通过联网获取信息; (2)如果你无法直接回答用户的问题,或者需要更多信息来回答用户的问题。

0· 581·2 current·2 all-time
by@henryzhuhr

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for henryzhuhr/kimi-websearch.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Kimi Websearch" (henryzhuhr/kimi-websearch) from ClawHub.
Skill page: https://clawhub.ai/henryzhuhr/kimi-websearch
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: KIMI_API_KEY, MOONSHOT_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install kimi-websearch

ClawHub CLI

Package manager switcher

npx clawhub@latest install kimi-websearch
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for a websearch capability and the skill requests Moonshot/Kimi API keys (KIMI_API_KEY or MOONSHOT_API_KEY). The script calls the Moonshot (api.moonshot.cn) chat/completions API and uses a Kimi model name, so requested credentials and endpoints are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs running scripts/web_search.py which in turn calls the Moonshot API. The script does not perform local crawling itself; it relies on the remote model/tooling ($web_search) provided by Moonshot to obtain search results and URLs. This delegation is reasonable for a hosted websearch integration, but you should understand that user queries and the conversation context are transmitted to the Moonshot endpoint.
Install Mechanism
There is no install spec that downloads arbitrary code; the skill is instruction-only with a single included Python script. SKILL.md lists a pip dependency on openai which matches the script's imports. No high-risk external download URLs or extract steps are present.
Credentials
Only KIMI_API_KEY and MOONSHOT_API_KEY are required (primary is MOONSHOT_API_KEY). Those are expected for a Moonshot/Kimi integration and there are no unrelated secrets requested.
Persistence & Privilege
The skill is not forced-always, and does not request elevated persistence or modify other skills or system configs. Autonomous invocation is enabled (default) but not combined with additional concerning privileges.
Assessment
This skill uses your Moonshot/Kimi API key and sends your prompts/conversation to https://api.moonshot.cn to obtain search results — if you install it, be aware your queries and context will go to that service (and may incur usage/costs). The included Python script itself does not crawl the web locally; it relies on Moonshot's model/tooling ($web_search) to return results and URLs. If you need private/offline searching or do not trust the Moonshot endpoint, do not provide your API key. Otherwise, the requested env vars and the code appear proportionate to the described websearch purpose. Verify you trust the Moonshot provider and that the API key you supply has appropriate scope/permissions and billing limits.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
EnvKIMI_API_KEY, MOONSHOT_API_KEY
Primary envMOONSHOT_API_KEY

Dependencies

openaipip >=1.0.0
latestvk9717mp3z5m0w132asfe8k48nx8340qr
581downloads
0stars
9versions
Updated 12h ago
v1.0.9
MIT-0
@henryzhuhr
latest
Download

Kimi Web Search / Kimi 联网搜索工具

Requirements

通过设置环境变量 KIMI_API_KEYMOONSHOT_API_KEY 来提供 Kimi/Moonshot API 密钥。

如果没有设置,请登录 Moonshot API Keys 获取 API Key,并将其设置为环境变量。

执行流程

  1. 先把用户请求整理成适合搜索的单条问题,尽量具体,避免模糊描述。
  2. 按照 联网搜索脚本 的说明调用脚本进行联网搜索,获取最新的网络信息来回答用户的问题。
  3. 把结果按照输出要求进行整理后输出给用户。

脚本说明

⚠️ 注意: 如果当前环境使用 uv ,则优先使用 uv run xxx.py 来执行脚本;如果没有 uv ,则使用 python3 xxx.py 来执行脚本。

联网搜索脚本

# 通过 Kimi API 进行联网搜索,获取最新的网络信息来回答用户的问题。
python3 {baseDir}/scripts/web_search.py "<the question you want to ask>"

# 当遇到错误的时候,可以获取帮助
python3 {baseDir}/scripts/web_search.py --help

输出要求

  • 必须提供给用户消息来源的url,确保信息的准确性,例如

    1. 新闻内容xxxx
   消息来源:[xxx](https://www.example.com)

  • 如果没有明确的搜索主题,例如“今天的新闻”,可以参考以下分类整理后输出给用户:

📰 今日要闻
🇨🇳 国内
🌍 国际焦点
📈 财经资讯
💻 科技动态
  • 优先输出整理后的结论,不要把整段原始脚本输出原封不动贴给用户。
  • 如果搜索结果明显不完整、存在时效风险,直接说明不足。
  • 如果用户要求继续追问同一主题,直接换一个搜索参数重新运行。

Comments

Loading comments...