serper

The OpenClaw skill bundle for Serper is benign. The `scripts/search.py` script legitimately uses the Serper API for web search and `trafilatura` for content extraction, requiring network access to `google.serper.dev` and arbitrary web pages. It retrieves the `SERPER_API_KEY` from environment variables or a `.env` file, which is standard practice for API-based tools. The `SKILL.md` instructions guide the AI agent on efficient and responsible use of the skill, including defensive instructions to prevent redundant web fetching, rather than attempting malicious prompt injection. No evidence of data exfiltration, malicious execution, persistence, obfuscation, or supply chain attacks was found.