ClawHub

Serpapi Mcp

v1.1.1

Run SerpAPI searches via SerpAPI's MCP server using mcporter. Use when the user asks to search the web with SerpAPI/SerpAPI MCP, wants SerpAPI inside Clawdbot, or to use the /serp command.

1· 1.8k·3 current·3 all-time
byMarcos Morales@merlintxu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description matches the included scripts: it calls SerpAPI MCP via mcporter, optionally enriches AI overview, and can log results to Airtable. However the registry metadata claims no required binaries/env vars while the scripts clearly require 'mcporter' (npm), 'node', and SERPAPI credentials; that mismatch is unexpected and reduces trust in the package metadata.
Instruction Scope
SKILL.md and the scripts are scoped to performing SerpAPI searches (via mcporter -> https://mcp.serpapi.com) and optional Airtable logging (https://api.airtable.com). They do not attempt to read unrelated system files or other credentials. The only extra network calls are to serpapi.com (ai overview) and Airtable when enabled—both documented in SKILL.md.
Install Mechanism
This is an instruction-only skill with bundled scripts (no declared install spec). It tells users to 'npm install -g mcporter' but provides no automated install. That is low risk overall, but you should audit and vet the 'mcporter' npm package and ensure Node is an appropriate version (scripts use Node 'fetch' assumptions).
!
Credentials
The scripts require sensitive environment variables (SERPAPI_API_KEY or SERPAPI_API_KEYS and, if logging enabled, AIRTABLE_TOKEN / AIRTABLE_BASE_ID / AIRTABLE_TABLE). The registry metadata lists none of these as required; the omitted declarations are a serious proportionality/information gap. The requested creds themselves are proportionate to the described function, but you must ensure they are stored and scoped safely (prefer skill-scoped or limited-key usage).
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges and does not modify other skills. Autonomous invocation is allowed by default (normal). Note: if SERP_LOG_AIRTABLE is enabled the skill will transmit full SerpAPI JSON to your Airtable base—this is expected behavior but increases the blast radius of an autonomous run.
What to consider before installing
Before installing: - Verify and correct metadata: the registry entry should declare required binaries (mcporter, node) and required env vars (SERPAPI_API_KEY or SERPAPI_API_KEYS; optional AIRTABLE_TOKEN/AIRTABLE_BASE_ID/AIRTABLE_TABLE). Ask the publisher to fix metadata if missing. - Audit mcporter (the npm package) to ensure you trust it; consider running it in an isolated environment first. - Provide the minimal SerpAPI key needed (use a limited-capacity/test key if possible) rather than a high-privilege key, and prefer skill-scoped env storage rather than committing secrets. - Be cautious enabling SERP_LOG_AIRTABLE: it will send raw SerpAPI JSON (potentially large, including URLs and snippets) to Airtable. Only enable if you trust the logger and the destination base/table schema. - Ensure Node version on host provides the required features (global fetch used in airtable_log.mjs) or run in an environment with a known Node LTS. - If you need higher assurance, request the publisher to provide provenance (homepage, source repo) and to update the registry metadata to reflect the actual requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk972ythpvqz0b22c4y85318rkd80r1zm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments