ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Searcher

v1.0.0

Autonomous web research agent that performs multi-step searches, follows links, extracts data, and synthesizes findings into structured reports. Use when asked to research a topic, find information across multiple sources, compare options, gather market data, compile lists, or answer questions requiring deep web investigation beyond a single search.

0· 1.1k·3 current·3 all-time
by@kassimisai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (autonomous web research) align with the included SKILL.md and the small helper script. The only code (scripts/research_plan.py) simply builds search queries and limits (max_searches/max_fetches) which is appropriate for the stated function.
Instruction Scope
Runtime instructions tell the agent to run platform-provided web_search and web_fetch calls, follow links, compare sources, and cite URLs. They set explicit limits (max searches/fetches) and do not instruct reading local files, environment variables, or transmitting data to arbitrary external endpoints. The only notable behavior is explicit guidance to fetch public pages (e.g., LinkedIn/company pages) which is consistent with people/company research but may surface personal information—this is expected for the skill's purpose.
Install Mechanism
No install spec is provided (instruction-only), and the single included script is a small, local helper that does not fetch remote code or write to disk beyond its own presence. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md does not reference any hidden env vars or secrets. This is proportionate to a read-only web research agent.
Persistence & Privilege
always:false and no install actions that modify agent/system configurations. The skill does not request persistent privileges or to modify other skills' settings.
Assessment
This skill appears to do what it promises: autonomous web searches, selective page fetches, cross-referencing, and synthesis. Before installing, consider: (1) It will fetch public pages (news, LinkedIn, company sites) and include URLs in outputs—avoid asking it to harvest private or authenticated content or supply credentials. (2) Scraping some sites (LinkedIn, paywalled content) may violate terms of service or require authentication; expect missed results for such sources. (3) Outputs are synthesized summaries — verify important claims against the cited source URLs. If you need stricter controls, only invoke this skill manually (it is user-invocable by default) and avoid granting any separate credentials or private tokens to it.

Like a lobster shell, security has layers — review code before you run it.

latestvk977kbe5pg2y0atnqz3720y87180yh5m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments