ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

My Searxng

v1.0.0

Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news, and more without external API dependencies.

0· 63·1 current·1 all-time
by@liujiang817
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (python3), SKILL.md commands, and included Python script all align with a local SearXNG CLI skill. The skill uses a configuration file (searxng.ini) to point at the target instance, which is appropriate for the stated purpose.
Instruction Scope
Runtime instructions are narrowly scoped to calling the included Python script and using the local SearXNG JSON API. The README and SKILL.md explicitly forbid environment-based configuration and instruct file-based config only. The script only reads/writes its own searxng.ini and performs HTTP calls to the configured URL. A notable behavior: the code disables SSL certificate verification (ssl.CERT_NONE) to accommodate self-signed local certificates — this is documented but reduces TLS protections and should be considered before use.
Install Mechanism
No install spec is provided (instruction-only with included script); nothing is downloaded or installed automatically. This minimizes install-time risk.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. However, a provided configuration file (scripts/searxng.ini) contains a default URL (http://192.168.1.20:4000) that the script will use — running the skill as-is will send queries to that endpoint. Confirm the configured endpoint is trusted or change it before running.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges (always:false). It only reads/writes its own config file and does not modify other skills or global settings.
Assessment
This skill appears to do what it says: it runs a local-API search via the included Python script. Before installing or running it: 1) Open scripts/searxng.ini and set the url to your own trusted SearXNG instance (do not rely on the provided default 192.168.1.20:4000 unless it is yours). 2) Be aware the script disables SSL certificate verification for HTTPS (it allows self-signed certs); if you need stronger protection, run your instance with a valid cert or modify the code to enforce verification. 3) The script will send your search queries to whatever URL is configured — treat that endpoint as able to observe/search logs. 4) The code is zero-dependency and straightforward; if you want stronger assurance, review or run the script locally before granting usage. If you want, I can point out the exact lines to change to re-enable certificate verification or to validate the configured URL before requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d09ve0er9rmjgtks3xr66gs83bwzz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binspython3

Comments