WebSearch-Openclaw

Pass

Audited by ClawScan on May 17, 2026.

Overview

This appears to be a straightforward SearXNG web-search and webpage-fetching skill, with expected network access and an optional installer that adds command shortcuts.

This skill is reasonable to install if you want SearXNG-backed web search. Configure SEARXNG_URL intentionally, review the optional installer before running it, and remember that fetched webpages are untrusted content that should not override your instructions.

Publisher note

This version needs network access to call APIs from SearXNG using GET and POST requests to get data for web search.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A webpage or search result could include instructions that are not from the user and should not be treated as authoritative.

Why it was flagged

The skill is designed to feed web search results or fetched webpage text back into the agent's context. Web content is untrusted and could contain prompt-injection text, although this is expected for a web research skill.

Skill content

Run `websearch.py` with `--format agent` when you need compact, token-efficient context to pass back to the model.

Recommendation

Treat fetched web content as evidence only; do not follow instructions found inside webpages unless the user confirms them.

What this means

The skill can contact websites or services named in a user request or research result.

Why it was flagged

The fetch script can request any URL supplied to it. This is central to webpage fetching, but it means the agent can make outbound web requests when invoked.

Skill content

r = requests.get(args.url, timeout=timeout, headers={"User-Agent": "wsearch-fetch/1.0"})

Recommendation

Use it for intended public web research, and avoid asking it to fetch private, internal, or sensitive URLs unless you understand the exposure.

What this means

A future dependency version change could affect behavior or security.

Why it was flagged

The documented setup installs unpinned PyPI packages. This is normal for a Python utility but gives less reproducibility than pinned dependencies or a lockfile.

Skill content

pip install requests beautifulsoup4 lxml python-dotenv

Recommendation

Install in a virtual environment and consider pinning dependency versions if using this skill in a sensitive environment.

What this means

After installation, wsearch, wfetch, and wresearch remain available on the user's PATH until removed.

Why it was flagged

The optional installer creates persistent command shims and may modify shell startup files. This is disclosed setup behavior, not hidden background execution.

Skill content

cat > "$target" <<SHIM ... exec python3 "${script}" "$@" ... echo 'export PATH="$HOME/.local/bin:$PATH"' >> "$RC"

Recommendation

Run install.sh only if you want the shortcuts, and remove the shims or PATH entry later if you no longer need them.