Ddg
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing ddgr through these methods can modify the local system with elevated privileges.
The skill recommends user-directed installation of an external command-line tool, including sudo and source-based install paths. This fits the purpose, but the user should trust the package source before installing.
sudo snap install ddgr ... sudo add-apt-repository ppa:twodopeshaggy/jarun ... git clone https://github.com/jarun/ddgr.git ... sudo make install
Prefer a trusted package manager, verify the project/source, and avoid source installation unless you are comfortable reviewing or trusting that code.
Private or sensitive search terms could be disclosed to external search providers or destination sites.
The skill is explicitly for web search, so search terms leave the local machine for DuckDuckGo and may involve other third-party sites when bangs are used.
Use ddgr (DuckDuckGo from the terminal) to perform privacy-focused web searches ... Use DuckDuckGo bangs to search specific sites: ... !yt ... !gh ... !a
Do not include secrets, private credentials, or highly sensitive personal information in search queries; use additional privacy controls such as Tor/proxy only if appropriate.