WebSearch

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

If the local websearch executable has been replaced or behaves differently than expected, the skill would run that code when invoked.

Why it was flagged

The skill executes a local helper binary that is not included in the provided artifacts. This is central to the stated purpose, but the trustworthiness of that local command determines what actually runs.

Skill content

exec:
  command: /usr/local/bin/websearch
  args:
    - "{{query}}"

Recommendation

Before installing or using the skill, verify that /usr/local/bin/websearch is present, expected, and maintained by a trusted source.