Back to skill
Skillv1.0.0
ClawScan security
Multi Search Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 10:51 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with its stated purpose (building and issuing HTTP search queries to a set of public search engines); it does not request extra credentials, installs, or unusual privileges.
- Guidance
- This skill is coherent and appears to do only what it claims: compose and fetch search URLs against public search engines. Before installing, consider: (1) provenance — the author/homepage are unknown, so maintenance, updates, or tamper history are unclear; (2) privacy — any query you issue (including sensitive strings) will be sent to third-party search sites (and DuckDuckGo bangs may redirect to other domains), so avoid searching secrets or private tokens; (3) scraping/legal concerns — aggressive automated fetching may trigger rate limits, CAPTCHAs, or violate terms of service of some engines; verify the agent's web_fetch implementation doesn't automatically include your credentials, cookies, or internal network access when it makes requests. If those points are acceptable, the skill's footprint is proportionate to its purpose.
Review Dimensions
- Purpose & Capability
- okName/description list multiple search engines and the files provide only URL templates, examples, and documentation. No binaries, env vars, or installs are requested — everything needed to perform searches (URL templates and examples for web_fetch) is present and proportional to the purpose.
- Instruction Scope
- okSKILL.md instructs the agent to construct and fetch search URLs (web_fetch calls) and documents advanced search operators. It does not instruct reading local files, accessing unrelated environment variables, or contacting hidden endpoints. The instructions remain within the stated scope of issuing search queries.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files to write to disk. This is the lowest-risk install pattern and matches the manifest.
- Credentials
- okNo environment variables, credentials, or config paths are required. The documented use cases (search and WolframAlpha queries) do not require API keys, matching the declared metadata.
- Persistence & Privilege
- okalways is false and there are no requests to modify other skills or agent-wide settings. The skill does not request elevated persistence or privileges.