Skill v1.0.0
ClawScan security
Serper Clone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 3:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only connector for a self-hosted Serper-compatible search API; its instructions, file usage, and network calls are consistent with that purpose, with only a minor metadata inconsistency to be aware of.
- Guidance
- This skill appears to do exactly what it claims: issue search queries to a Serper-compatible server you run. Before installing, verify that the BASE_URL you configure points to a server you control or trust — whatever host you configure will receive all queries and the provided API_KEY. The SKILL.md expects a plaintext credential file at ~/.openclaw/workspace/.serper-clone-api-key; ensure that file is protected (chmod 600) and contains only the necessary API_KEY and BASE_URL. Note the small packaging mismatch: the registry metadata indicated no required config path but SKILL.md requires the file — you may want the publisher to correct the metadata. If you need to limit automatic behavior, remember the skill can be invoked by the agent per platform defaults; if you prefer manual use only, disable autonomous invocation where supported or avoid placing the API key file until you want to enable the skill.
Review Dimensions
- Purpose & Capability
- note: The skill's name and description (self-hosted Serper-compatible search) align with its instructions: it expects an API key and a BASE_URL and issues POST requests to that service. Minor inconsistency: the registry metadata in the provided bundle said no required config paths, but the SKILL.md declares a required file (~/.openclaw/workspace/.serper-clone-api-key). This appears to be a packaging/metadata mismatch rather than a functional mismatch.
- Instruction Scope
- ok: SKILL.md only instructs the agent to read a single local credential/config file, extract API_KEY and BASE_URL, and send POST requests to endpoints on that BASE_URL (using curl). Those actions are directly tied to the stated purpose and do not reference other system files, secrets, or unrelated services.
- Install Mechanism
- ok: There is no install spec and no code files beyond documentation; nothing is downloaded or written to system locations by an installer. This is low-risk for installation-time surprises.
- Credentials
- note: The skill requires a local credentials file (API_KEY and BASE_URL) stored under ~/.openclaw/workspace; this is proportionate to a self-hosted API connector. Note that the registry metadata did not list required config paths while SKILL.md does, which is inconsistent. Also the API key is stored in plaintext in a file (the docs recommend chmod 600); users should ensure the file is kept secure and only contains the minimum necessary credential.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated or cross-skill configuration changes. disable-model-invocation is false (normal), so the agent may call the skill autonomously per platform defaults; this is expected for skills.
