DuckDuckGo Web Search
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency directly into the system Python environment could affect other Python tools or pick up future package changes.
The skill depends on an external, unpinned Python package and suggests a pip option that can modify a system-managed Python environment. This is disclosed setup for the stated purpose, so it is a note rather than a concern.
- `ddgs` Python package (install: `pip install --break-system-packages ddgs`)
Install the dependency in a virtual environment or other isolated Python environment, and consider pinning a known-good ddgs version.
Search terms may be visible to the external search service or network path, so private information in queries may leave the local environment.
The provided query is sent through the DDGS search provider. That external data flow is expected for web search and no credential handling or unrelated transmission is shown.
results = list(DDGS().text(query, max_results=count))
Avoid searching for secrets, credentials, or highly sensitive personal data, and treat returned snippets and fetched pages as untrusted web content.
A very large requested count could cause more search activity than expected or hit provider rate limits.
The result count is passed directly to the search library. SKILL.md documents a max of 20, but the code does not enforce that bound.
count = int(sys.argv[2]) if len(sys.argv) > 2 else 5 ... results = list(DDGS().text(query, max_results=count))
Keep result counts modest, and update the script to clamp count to the documented maximum.