Serper Web Search
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward Serper web-search skill, with minor notes about API-key handling and incomplete metadata/script references.
This appears safe to use for Serper searches if you are comfortable sending queries to Serper and using your API key. Store the key as an environment variable when possible, avoid sensitive query text, and verify any helper script before running it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill must provide a Serper API key, and searches may count against that account.
The skill requires a Serper API key to make searches. This is purpose-aligned, but the key authorizes API usage and may consume account credits.
`X-API-Key: $SERPER_API_KEY` ... `Set SERPER_API_KEY environment variable or pass the key inline`
Prefer setting the API key in an environment variable rather than pasting it inline, and use a scoped/revocable key if Serper supports it.
Users or agents may try to run a helper script that is not actually included in the reviewed package.
The provided artifact set lists only SKILL.md and no code files, so the referenced bundled script is not present for review. This looks like a documentation/package mismatch rather than hidden execution.
`Use the bundled search script:` ... `./scripts/search "your query"`
Do not rely on the referenced script unless it is present and reviewed; use the documented curl call instead.
Search terms, including any sensitive text included in a query, are transmitted to the Serper service.
The skill discloses that search queries are sent to Serper's external API. This is expected for a web-search skill, but query contents leave the local environment.
`Endpoint`: `https://google.serper.dev/search` ... `Body`: `{"q": "your query here"}`Avoid sending secrets, private personal data, or confidential business information as search queries unless that is acceptable for your use of Serper.