ClawHub

WebSearch with SerpApi

v1.0.0

Search the web using SerpAPI with customizable engines (Google, Google AI Mode, Bing, etc.). Use when user needs web search results via SerpAPI.

2· 459·0 current·0 all-time
byLi Shanglin@lsl001006
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared dependency on the serpapi Python package, and the included Python entrypoint all align with a SerpAPI search skill. The only credential it needs is a SerpAPI API key, which is appropriate.
Instruction Scope
SKILL.md and serpapi_search.py only perform search calls via the serpapi client and return text blocks. However, the README suggests replacing the API key in the file (insecure practice) even though it also supports reading SERPAPI_API_KEY from the environment; the instructions should emphasize using the environment variable instead of embedding keys in code.
Install Mechanism
No install spec is embedded; SKILL.md asks the operator to pip install the public 'serpapi' package. This is a common, low-risk approach. Users should still verify the package name and source before installing.
Credentials
The skill only requires a single service credential (SERPAPI_API_KEY), which is proportional. The SKILL.md's suggestion to replace the key directly in the file is unnecessary and increases risk of accidental secret leakage; prefer setting the environment variable.
Persistence & Privilege
The skill does not request persistent/system-wide privileges (always is false) and does not modify other skills or system configs. Autonomous invocation is allowed by default but is not combined with broad privileges here.
Assessment
This skill is consistent with its stated purpose: it calls SerpAPI using the serpapi Python client and needs only your SerpAPI API key. Before installing, verify the 'serpapi' PyPI package is the official client, avoid embedding API keys into the file (use the SERPAPI_API_KEY environment variable), and be aware that queries and returned text are sent to SerpAPI (consider privacy and API usage/costs). If you want tighter security, keep the key in an environment secret store or vault instead of the codebase.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kcngm0g7qazpbhf0stb4n181rsk8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments