Skill v1.0.0

ClawScan security

ddgs (DuckDuckGo Search) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 25, 2026, 12:55 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description and runtime instructions are consistent with a Python ddgs wrapper, but it asks (in the docs) to install a third-party PyPI package at runtime while providing no provenance (homepage/source) and no install spec — this mismatch and lack of verifiable source is a moderate concern.
Guidance
This skill is internally consistent (it simply documents how to use a Python ddgs package), but the package provenance is missing: there is no homepage/source and the registry metadata gives an opaque owner id. Before installing or running this skill, do the following:
1) Verify the PyPI package 'ddgs' (or the intended package) and its publisher: inspect the package page, homepage, and source repository.
2) Audit the package code and setup scripts for install-time actions (setup.py/pyproject hooks) and for network/call-home behavior.
3) Prefer running it in an isolated environment (container or sandbox), or ask the skill author to include an explicit install spec pointing to a verified release.
4) Avoid running the suggested pip install commands on sensitive hosts.
5) Clarify what 'uv' means in the install instructions and verify the 'MCP/API server support' details.
If you cannot validate the package source and contents, treat this skill as untrusted.

Review Dimensions

Purpose & Capability
ok: Name/description match the SKILL.md examples: all examples call a Python package named 'ddgs' to perform searches without API keys. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md stays within the expected scope (showing text/news/images/videos/books searches, proxy usage, and error handling). However, it instructs installing and running a third-party Python package (via 'pip install ddgs' and 'uv pip install ddgs'), which will execute code outside the agent unless the package provenance is verified. The doc mentions 'MCP and API server support' without describing endpoints or auth, which is vague.
Install Mechanism
concern: There is no formal install spec in the skill bundle; instead SKILL.md recommends installing from PyPI (pip). Installing packages at runtime pulls code from a public registry and can execute install-time code (moderate risk). The 'uv pip install ddgs' line references an uncommon wrapper ('uv') and may be a typo or platform-specific tool; the lack of clear, auditable install instructions and the absent homepage/source increase risk.
Credentials
ok: The skill does not request environment variables, credentials, or config paths. Examples accept an optional proxy string but do not read secrets or other environment state, which is proportional to a search wrapper.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent system-wide changes. There is no code in the bundle that would alter other skills or agent configuration. Autonomous invocation is enabled (platform default) but not combined with other high-risk factors.