Local Web Search

Result: Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent DuckDuckGo search helper with no credential access or persistence, but users should know their search queries and retrieved snippets leave the local environment and enter the agent context.

This skill appears safe for ordinary web searches. Before installing, remember that your query text is sent to DuckDuckGo and that returned snippets are untrusted web content, so do not search for secrets and verify important results from primary sources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive information typed into a search query could be exposed to DuckDuckGo as part of normal operation.

Why it was flagged

The user's search query is sent to DuckDuckGo over HTTPS. This is purpose-aligned and disclosed, but it means search terms are shared with an external provider.

Skill content

url = "https://duckduckgo.com/html/?q=" + urllib.parse.quote(query)

Recommendation

Avoid putting secrets, private identifiers, or confidential business data into search queries unless you are comfortable sending them to DuckDuckGo.

Note (High Confidence)

ASI01: Agent Goal Hijack

What this means

Search snippets are untrusted web content and could contain inaccurate or manipulative text if treated as instructions or facts.

Why it was flagged

The skill returns external web titles and snippets into the agent context. The documentation appropriately cautions that trust scores are only for ranking and claims should be verified.

Skill content

results[] {title, url, snippet, trust{score,tier,reason}} ... always verify key claims with primary sources

Recommendation

Treat returned titles and snippets as data, not instructions; verify important claims by opening and checking primary sources.

What this means

It may be harder to independently verify the publisher, update history, or canonical source of the script.

Why it was flagged

The included code is small and self-contained, but the registry metadata does not provide an upstream source or homepage for provenance checking.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included script before installing and prefer packages with clear upstream provenance when available.