Simple Websearch

This skill largely implements web scraping/search logic and is probably useful for searches, but there are notable red flags you should consider before installing or running it: - Hardcoded external script calls: The code calls /home/lin/.openclaw/scripts/exa-search.sh and /home/lin/.openclaw/workspace/skills/dynamic-webfetch/scripts/fetch.py via subprocess. These files are not included in the package or documented in SKILL.md. If those paths exist on your system they will be executed with your privileges; if they do not exist the skill will silently degrade. - Undocumented execution surface: SKILL.md describes HTTP scraping and optional Playwright, but does not mention executing local helper scripts. Treat the skill as executing local programs in addition to making network requests. - Inspect external helpers: If you plan to use this, locate and review the referenced exa-search.sh and dynamic-webfetch fetch.py scripts on your system (or ask the author for them). Ensure they are trustworthy before allowing the skill to run. - Run in isolation first: Execute the skill in a sandboxed or ephemeral environment (container/VM) to observe its behavior, especially the subprocess calls and any outbound network traffic. - Optional Playwright: If you enable Playwright, it will install and run a browser (chromium) which increases resource/attack surface; only enable if needed. - Package vs. documentation mismatch: The skill is deliverable as a pip package (setup.py) but registry metadata claimed instruction-only — be cautious about installing it system-wide. Confidence is medium because the visible code explains the suspicious behavior (subprocess calls) but the referenced helper scripts are not present so the full runtime effects cannot be determined without those files. If you can provide the contents of the referenced exa-search.sh and dynamic-webfetch scripts (or confirm they don't exist on your system), I can raise or lower the risk assessment accordingly.