openclaw-serper
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-serper
Version: 3.1.1
The OpenClaw Serper skill is benign. It performs web searches via the Serper API and extracts full page content using `trafilatura`, as described. The `SKILL.md` provides clear, non-malicious instructions for the agent on how to use the skill effectively, without attempting prompt injection for harmful objectives. The `scripts/search.py` correctly loads its own `SERPER_API_KEY` from a local `.env` file or environment variables, and makes network requests only to `google.serper.dev` and the URLs returned by the search, which is consistent with its stated purpose. No evidence of data exfiltration, malicious execution, persistence, or obfuscation was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may rely on this skill's extracted content instead of separately checking a page.
The skill strongly constrains the agent's later tool choices. This is disclosed and fits the stated purpose of avoiding duplicate fetching, but it could reduce independent verification if the extracted content is incomplete or wrong.
Do NOT use WebFetch, web_fetch, WebSearch, browser tools, or any other URL-fetching/browsing tool on the URLs returned by this skill.
For important or high-stakes answers, ask the agent to verify sources independently or compare against additional sources.
An agent using this skill can invoke Python through Bash, which is expected here but broader than a single fixed command.
The skill grants Python command execution so the agent can run the search script. This is central to the skill, but the allowed pattern is broader than only running scripts/search.py.
allowed-tools: Bash(python3:*)
Install only in an environment where running this Python script is acceptable; if supported, restrict the allowed command to the specific search script.
Using the skill consumes the user's Serper API quota and depends on protecting that API key.
The script requires a Serper API key and sends it to the Serper API. This is expected for the integration, but the registry metadata declares no required env vars or primary credential.
key = os.environ.get("SERPER_API_KEY") or os.environ.get("SERP_API_KEY")
Use a dedicated Serper key with limited quota where possible, and avoid placing unrelated secrets in the skill's .env file.
Installing the dependency may pull whatever version is current at install time, which can change behavior over time.
The dependency install is user-directed and necessary for full-page extraction, but the package version is not pinned in the instructions.
pip install --user trafilatura
Consider pinning or reviewing the trafilatura version before installation, especially in controlled environments.
The agent could treat untrusted page text as more authoritative than it deserves.
The skill intentionally feeds full text from external web pages into the agent context. This is purpose-aligned, but web page content is untrusted and may contain misleading claims or prompt-like instructions.
Returns clean readable text, not just snippets... full extracted page text
Treat returned page content as source material, not instructions, and verify important claims across reliable sources.
