Skill v1.0.1

ClawScan security

Duckduckgo Websearch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 24, 2026, 2:39 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what it says (query DuckDuckGo and return structured results), but there are clear inconsistencies between the written instructions and the bundled files that should be resolved before trusting or running it.
Guidance
This skill appears to implement a DuckDuckGo search and SERP parse and does not request credentials, but there are a few things to check before installing or running it:
- Clarify the dependency: SKILL.md says "zero external dependencies", but the bundle includes package.json/package-lock.json and the script requires node-html-parser. Install the dependency before running (npm ci installs exactly the versions pinned in package-lock.json), or update the script so it no longer needs the package.
- Robots.txt policy: SKILL.md says the skill will respect robots.txt, but the provided ddg_search.js never fetches or checks robots.txt (it also does not fetch landing pages at all today). If you need strict crawling rules, add a robots.txt check to the script before any page fetch, or keep it from fetching landing pages.
- Network activity: the script makes outbound HTTPS GET requests to api.duckduckgo.com and duckduckgo.com/html. If you enforce egress policies, those are the two hosts to allow; any other destination would be unexpected.
- Run tests locally first: execute the script in a controlled environment (after installing dependencies) and inspect its output before allowing autonomous agent use.
- If you want higher assurance: ask the publisher to remove the contradiction in SKILL.md and provide an explicit install step (or vendor the parser), and/or add robots.txt checks in code.
Given these inconsistencies (especially the false claim about dependencies), I rate the package as suspicious rather than outright benign.

Review Dimensions

Purpose & Capability
note
Name/description align with the code: the Node script queries the DuckDuckGo Instant Answer API and falls back to a SERP HTML fetch. However, SKILL.md asserts the script has "zero external dependencies" while the bundle includes package.json and package-lock.json declaring node-html-parser, so the code actually depends on an external npm package.
Instruction Scope
note
Runtime instructions are scoped to web search and returning JSON results. They tell the agent to run the bundled Node script and to respect robots.txt. The script itself performs only GET requests to DuckDuckGo endpoints and parses SERP HTML. The inconsistency: SKILL.md requires obeying robots.txt for page fetches, but the provided script does not check robots.txt (and does not fetch landing pages at all), so nothing in the code enforces the written policy. No unexpected file reads, env leaks, or external endpoints beyond DuckDuckGo are present.
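The robots.txt gap flagged in the Guidance above and in this dimension is the one place where the written policy has no code behind it. What follows is an added example of the check a maintainer could put in front of any landing-page fetch; it is not code from the Duckduckgo Websearch skill or its ddg_search.js. It assumes Node 18 or later (global fetch and URL), every function name in it is hypothetical, and the sample robots.txt is constructed for offline use rather than taken from any site.

```javascript
// Added example, not code from the Duckduckgo Websearch skill or its ddg_search.js:
// a small robots.txt check a skill could run before fetching any landing page.
// Assumed: Node 18+ (global fetch, URL); all function names here are hypothetical.

// Parse robots.txt into groups of { agents: [...], rules: [{ allow, path }] }.
function parseRobots(text) {
  const groups = [];
  let current = null;
  let lastWasAgent = false;
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.replace(/#.*$/, '').trim();
    if (!line) continue;
    const idx = line.indexOf(':');
    if (idx < 0) continue;
    const field = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (field === 'user-agent') {
      // Consecutive User-agent lines share one group; anything else starts a new one.
      if (!lastWasAgent || !current) {
        current = { agents: [], rules: [] };
        groups.push(current);
      }
      current.agents.push(value.toLowerCase());
      lastWasAgent = true;
    } else {
      if ((field === 'allow' || field === 'disallow') && current) {
        current.rules.push({ allow: field === 'allow', path: value });
      }
      lastWasAgent = false;
    }
  }
  return groups;
}

// Choose the group for our user agent: longest product-token match, else '*'.
function selectGroup(groups, userAgent) {
  const ua = userAgent.toLowerCase();
  let best = null;
  let bestLen = -1;
  for (const g of groups) {
    for (const a of g.agents) {
      if (a !== '*' && ua.includes(a) && a.length > bestLen) {
        best = g;
        bestLen = a.length;
      }
    }
  }
  return best || groups.find((g) => g.agents.includes('*')) || null;
}

// Turn a robots path pattern ('*' wildcard, optional trailing '$' anchor) into a RegExp.
function patternToRegExp(pattern) {
  const anchored = pattern.endsWith('$');
  const body = anchored ? pattern.slice(0, -1) : pattern;
  const escaped = body
    .split('*')
    .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp('^' + escaped + (anchored ? '$' : ''));
}

// Decide whether userAgent may fetch url under robotsText.
// The longest matching rule wins; on a tie Allow wins (RFC 9309 precedence).
function isAllowedByRobots(robotsText, userAgent, url) {
  const group = selectGroup(parseRobots(robotsText), userAgent);
  if (!group) return true; // no applicable group: nothing is restricted
  const u = new URL(url);
  const target = u.pathname + u.search;
  let allowed = true;
  let bestLen = -1;
  for (const rule of group.rules) {
    if (rule.path === '') continue; // "Disallow:" with no path restricts nothing
    if (!patternToRegExp(rule.path).test(target)) continue;
    const len = rule.path.length;
    if (len > bestLen || (len === bestLen && rule.allow)) {
      bestLen = len;
      allowed = rule.allow;
    }
  }
  return allowed;
}

// Guarded fetch: read the origin's robots.txt first and refuse disallowed URLs.
// Per RFC 9309 a 4xx robots.txt means unrestricted and a 5xx means assume disallow.
async function fetchIfAllowed(url, userAgent) {
  const origin = new URL(url).origin;
  const res = await fetch(`${origin}/robots.txt`, { headers: { 'user-agent': userAgent } });
  if (res.status >= 500) return null;
  const robotsText = res.ok ? await res.text() : '';
  if (!isAllowedByRobots(robotsText, userAgent, url)) return null;
  return fetch(url, { headers: { 'user-agent': userAgent } });
}

// Constructed sample robots.txt for offline use; it is not taken from any real site.
const SAMPLE_ROBOTS = `
User-agent: *
Disallow: /private/
Disallow: /search?
Allow: /private/public-note.html

User-agent: ddg-skill-bot
Disallow: /
Allow: /docs/
`;
```

Only fetchIfAllowed goes on the network; isAllowedByRobots is pure and can be unit-tested against the constructed sample. Two points matter for a reviewer: the decision is made per origin before any page request is sent, and a 5xx on robots.txt fails closed rather than falling through to the fetch.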
Install Mechanism
concern
There is no install spec (instruction-only), but the repo includes package.json and package-lock.json with an external dependency (node-html-parser) resolved from the npm registry. SKILL.md claims "zero external dependencies," which is incorrect. This mismatch means running the script as-is may fail unless node-html-parser is installed; it also means the skill implicitly relies on npm-registry packages (standard, but worth noting). There are no suspicious download URLs in package-lock.json (all packages come from the npm registry).
Credentials
ok
The skill requests no environment variables, no credentials, and accesses no configuration paths. Network access to DuckDuckGo is expected and proportionate to the stated purpose.
Persistence & Privilege
ok
The skill does not request persistent presence (the always field is false) and does not modify system or other-skill configs. It only runs a local script when invoked and prints JSON to stdout.