Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ddg Search Fetch

Search the web and fetch URL content using DuckDuckGo. Use when the user wants to search for information online without requiring API keys or paid services....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included scripts: ddg_search.py performs DuckDuckGo searches and ddg_fetch.py fetches and extracts page content. However, SKILL.md/README recommend installing the pip package 'duckduckgo-search' even though the bundled scripts do not import or use that package. Also ddg_search.py falls back to calling the system 'curl' binary, but required binaries list does not declare curl — a mild mismatch between claimed requirements and actual implementation.
Instruction Scope
Runtime instructions are limited to running the two scripts and parsing JSON output, which is consistent with the stated purpose. The scripts perform network requests to DuckDuckGo and to arbitrary user-provided URLs. This is expected but does mean the agent will make outbound requests (exposes agent IP/metadata to remote sites and could be used against internal targets if the agent has network access). The curl fallback uses subprocess.run with an argument list (not a shell string), reducing command-injection risk, but the skill still accepts untrusted input (user-provided URLs/queries) so SSRF/exposure risk exists.
Install Mechanism
There is no install spec (instruction-only) and the skill ships small Python scripts — low installation risk. However, SKILL.md and README recommend 'pip3 install duckduckgo-search' despite the scripts functioning via urllib/curl; this recommended dependency appears unnecessary and is inconsistent with the code. No remote downloads, extract operations, or unusual install locations are present.
Credentials
The skill declares no environment variables or credentials and the code does not access environment secrets or config paths. No disproportionate credential requests are present.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and uses the platform default for autonomous invocation. No elevated persistence or privilege is requested.
What to consider before installing
This skill appears to implement DuckDuckGo search and page fetch as advertised, but review these points before installing:

- The README/SKILL.md recommends installing the 'duckduckgo-search' pip package, but the included scripts do not use that library — the dependency appears unnecessary. Avoid blindly installing extra packages unless you need them.
- ddg_search.py may call the system 'curl' binary as a fallback; ensure curl is available or accept that the script will use urllib instead. The skill's metadata did not declare curl as a required binary.
- The scripts perform outbound HTTP(S) requests to arbitrary URLs/queries you provide. That exposes the agent's IP and can lead to SSRF or data exposure if the agent has access to internal network resources. Consider running the skill in a sandboxed environment or restricting allowed target hosts if you will fetch untrusted or internal URLs.
- The curl call is executed without a shell (argument list), which reduces shell-injection risk, but feeding untrusted inputs (specially crafted URLs) can still have consequences — validate or sanitize inputs in your integration if possible.
- If you plan to grant this skill autonomous invocation, be aware it can make network calls on its own; combine that with network restrictions or monitoring if needed.

If you want to proceed: inspect the two script files locally, remove the unnecessary pip recommendation, and consider limiting outbound network access or whitelisting domains before use.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1

SKILL.md

DuckDuckGo Search & Fetch

Search the web and fetch URL content using DuckDuckGo (no API key required).

Prerequisites

Install the dependency:

pip3 install duckduckgo-search

Features

1. Web search (ddg_search.py)

python3 scripts/ddg_search.py "your search query" [--max-results 10]

2. Web page fetch (ddg_fetch.py)

python3 scripts/ddg_fetch.py "https://example.com" [--timeout 30]

Usage Examples

Search

# Basic search
python3 scripts/ddg_search.py "OpenClaw AI agent"

# Search with more results
python3 scripts/ddg_search.py "Python best practices" --max-results 15

Fetch a web page

# Fetch a webpage
python3 scripts/ddg_fetch.py "https://openclaw.ai"

# With custom timeout
python3 scripts/ddg_fetch.py "https://example.com" --timeout 15

# Plain text output
python3 scripts/ddg_fetch.py "https://example.com" --format text

Output Format

Search results (JSON)

{
  "query": "search query",
  "count": 10,
  "results": [
    {
      "title": "Result title",
      "url": "https://example.com",
      "snippet": "Description snippet"
    }
  ]
}

Fetch results (JSON)

{
  "url": "https://example.com",
  "title": "Page Title",
  "text": "Extracted readable content...",
  "description": "Meta description",
  "status_code": 200,
  "error": null
}

Integration with OpenClaw

Example workflow

# Search
result = exec({
    "command": "python3 /path/to/skills/duckduckgo-search/scripts/ddg_search.py query"
})
# Parse: json.loads(result.stdout)

# Fetch URL
result = exec({
    "command": "python3 /path/to/skills/duckduckgo-search/scripts/ddg_fetch.py https://example.com"
})
# Parse: json.loads(result.stdout)

Files

5 total