Querit Search
v0.1.0Web search via Querit.ai API. Use when you need to search the web for documentation, current events, facts, or any web content. Returns structured results with titles, URLs, and snippets.
⭐ 3· 1.8k·0 current·0 all-time
byKyle Sun@interskh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with what the code does. The skill requires a single credential (QUERIT_API_KEY) which is used as a Bearer token to call https://api.querit.ai/v1/search. Search and content-extraction functionality is implemented in search.js and content.js respectively, which is appropriate for the described purpose.
Instruction Scope
SKILL.md and the CLI only instruct the agent to call the Querit API and (optionally) fetch and extract page content. That matches the stated purpose. A notable operational detail: content.js will fetch arbitrary URLs from the host where the skill runs and return extracted page content. This is expected for a content-extraction feature, but it means the skill can be used to load internal or protected endpoints (SSRF-like risk) if asked to fetch internal URLs. The instructions do not read unrelated env vars or config files.
Install Mechanism
The install flow is Node/npm-based (package.json + package-lock) and an install.sh that downloads files from raw.githubusercontent.com/interskh/querit-search/main and runs npm ci/install. GitHub raw and npm are common package hosts, but running a remote curl | bash installer and installing npm dependencies carries moderate risk (dependencies can include lifecycle scripts). The install script itself is straightforward and writes into ~/.openclaw/skills/querit-search; no obscure external downloads or archives are used beyond npm and GitHub raw.
Credentials
Only QUERIT_API_KEY is required and used as the primary credential for the Querit API. The skill documents alternative config/storage in OpenClaw config or .env; there are no unrelated or excessive environment variable requirements.
Persistence & Privilege
always is false. The skill installs under the user's skills directory and does not modify other skills or system-wide settings. It can be invoked autonomously by the agent (platform default), which is expected for a search skill; consider the normal autonomy considerations when granting runtime capability to call external APIs and fetch URLs.
Assessment
This skill appears to do what it says: it needs only your Querit API key and performs searches against Querit.ai and (optionally) fetches pages to extract readable content. Before installing: (1) Prefer inspecting files locally rather than piping a remote install script into bash — clone the repo and run npm ci yourself. (2) Be aware npm will install dependencies from the public registry; if you need stronger guarantees, audit the dependency tree or run it in a sandbox. (3) Avoid asking the skill to fetch internal or sensitive URLs (e.g., 169.254.x.x, 127.0.0.1, internal hostnames) because content.js will make HTTP requests from your environment and could disclose internal content to the agent. (4) Only provide a Querit API key you are comfortable using with this skill and consider creating a limited/revocable key if Querit supports that. If you want, I can point out the exact lines to edit if you prefer to remove the curl|bash installer or restrict content.js to a safe list of hosts.Like a lobster shell, security has layers — review code before you run it.
latestvk973eqg9vzg6r1bfr4pxy2mawd80fg19
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔎 Clawdis
EnvQUERIT_API_KEY
Primary envQUERIT_API_KEY
Install
Install npm dependencies