Skill v1.0.0
ClawScan security
Search Web · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 8:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its stated purpose: it queries a local SearXNG instance and returns titles and URLs; it does not request unrelated credentials, contact external hosts, or perform unexpected file access.
- Guidance: This skill appears coherent and low-risk for the stated purpose. Before installing, confirm that you actually run a SearXNG instance at http://localhost:8080/search (or be prepared to modify the endpoint); ensure that the instance is trustworthy because queries will be sent there; note the tool depends on Python's 'requests' library which may need to be present in the agent environment; and remember the agent may call this tool autonomously when it needs fresh web results. If you will host SearXNG on a different host/port or require proxied/remote access, update the code or SKILL.md accordingly.
Review Dimensions
- Purpose & Capability (ok): Name/description describe querying a self-hosted SearXNG instance and the code/instructions implement exactly that: an HTTP GET to http://localhost:8080/search with the query and JSON output of titles and URLs.
- Instruction Scope (ok): SKILL.md and the Python tool are narrowly scoped. The runtime reads the query from stdin, calls a local HTTP endpoint, and returns the top 5 result entries. There are no instructions to read unrelated files, environment variables, or transmit data to third-party endpoints.
- Install Mechanism (note): No install spec (instruction-only plus a small tool file), so low risk. One operational note: the tool uses the Python 'requests' library but the skill manifest does not declare or install that dependency; this is a functionality mismatch, not a security concern.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. Its network access is limited to a localhost HTTP call consistent with the stated purpose.
- Persistence & Privilege (ok): 'always' is false and there are no special privileges or system-wide modifications. The skill can be invoked by the agent (normal behavior) but it does not request permanent presence or elevated system access.
