WebSearch with SerpApi
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently performs SerpAPI web searches, but users should provide the API key safely and be aware that searches go to SerpAPI through an unpinned Python dependency.
This appears appropriate for web search through SerpAPI. Before installing, make sure you trust the `serpapi` package source, set your API key via `SERPAPI_API_KEY` instead of editing it into code, and avoid sending sensitive queries to SerpAPI.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will need access to a SerpAPI account key, which may have billing or quota impact if misused.
The skill requires a service API key, which is expected for SerpAPI but should be handled as a credential and is not declared in the registry requirements.
Requires a SerpAPI key... API key can be set via environment variable `SERPAPI_API_KEY` for security.
Set the key via a secret or environment variable, avoid hardcoding it into the skill file, and use a key with appropriate quota limits.
Installing an unpinned package may pull a newer or different package version than expected.
The dependency is installed from PyPI without a pinned version; this is normal for the stated purpose but leaves package provenance and version selection to the installer.
"pip": ["serpapi"] ... Install dependencies: `pip install serpapi`
Install from a trusted package index and consider pinning or reviewing the `serpapi` package version before use.
Search terms, including any sensitive text placed in the query, may be sent to SerpAPI.
The user-provided query is sent to the external SerpAPI service, which is consistent with the skill's purpose but is still an external data flow.
results = client.search(q=query, engine=engine)
Avoid searching for secrets or private information unless you are comfortable sending that query to SerpAPI.