Duckduckgo Search 1.0.0
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent DuckDuckGo search helper, with disclosed but noteworthy use of Python/package-manager commands and external search queries.
This skill appears safe for ordinary web search use. Before installing, verify the duckduckgo-search package source/version, prefer an isolated environment, and avoid searching for secrets or highly sensitive private information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the agent could run local Python or package-manager commands beyond simply performing a search.
The skill grants shell access to Python and package-manager commands. This is consistent with the documented DuckDuckGo Python examples, but it is broader than a narrowly scoped search-only tool.
allowed-tools: Bash(duckduckgo-search:*), Bash(python:*), Bash(pip:*), Bash(uv:*)
Use the skill only for documented search/setup commands, and review any proposed Bash, Python, pip, or uv command before allowing it.
Installing the latest package version could change behavior over time or expose the user to package supply-chain issues.
The setup instructions install an unpinned package from a package index. This is expected for the skill's purpose, but the artifacts do not pin a version or include a lockfile.
uv pip install duckduckgo-search # 或使用 pip 安装 pip install duckduckgo-search
Install from a trusted package index, consider using an isolated virtual environment, and pin a known-good duckduckgo-search version if reproducibility matters.
Sensitive or private text placed in a search query may be sent outside the local environment.
The skill necessarily sends search terms to an external search provider. This is clearly aligned with the stated purpose, but users should understand the data flow.
Performs web searches using DuckDuckGo to retrieve real-time information from the internet
Do not use confidential credentials, private documents, or other secrets as search terms unless you are comfortable sending them to the search provider.