DuckDuckGo Web Search

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: neo-ddg-search
Version: 1.0.0

The skill bundle provides a DuckDuckGo web search tool. The `SKILL.md` clearly defines its purpose and usage, without any prompt injection attempts to mislead the agent or perform unauthorized actions. The `scripts/search.py` script uses the legitimate `ddgs` Python library to perform searches and print results, with no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `pip install --break-system-packages ddgs` instruction is for dependency management and not indicative of malicious intent for a known library.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the dependency directly into the system Python environment could affect other Python tools or pick up future package changes.

Why it was flagged

The skill depends on an external, unpinned Python package and suggests a pip option that can modify a system-managed Python environment. This is disclosed setup for the stated purpose, so it is a note rather than a concern.

Skill content

- `ddgs` Python package (install: `pip install --break-system-packages ddgs`)

Recommendation

Install the dependency in a virtual environment or other isolated Python environment, and consider pinning a known-good ddgs version.

What this means

Search terms may be visible to the external search service or network path, so private information in queries may leave the local environment.

Why it was flagged

The provided query is sent through the DDGS search provider. That external data flow is expected for web search and no credential handling or unrelated transmission is shown.

Skill content

results = list(DDGS().text(query, max_results=count))

Recommendation

Avoid searching for secrets, credentials, or highly sensitive personal data, and treat returned snippets and fetched pages as untrusted web content.

What this means

A very large requested count could cause more search activity than expected or hit provider rate limits.

Why it was flagged

The result count is passed directly to the search library. SKILL.md documents a max of 20, but the code does not enforce that bound.

Skill content

count = int(sys.argv[2]) if len(sys.argv) > 2 else 5
...
results = list(DDGS().text(query, max_results=count))

Recommendation

Keep result counts modest, and update the script to clamp count to the documented maximum.