Searxng 1
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward SearXNG search helper, with the main cautions being its configured search endpoint, disabled TLS verification, and runtime Python dependencies.
Install only if you have a SearXNG instance you trust. For best privacy, point SEARXNG_URL at your own local instance; if you use a remote HTTPS instance, consider changing the script to verify certificates.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you use a public or untrusted SearXNG instance, your search terms could be visible to that service or exposed to network interception.
Search queries are sent to the configured SearXNG endpoint, and TLS certificate verification is disabled. This is disclosed for local self-signed instances, but it reduces protection if the URL is remote or untrusted.
response = httpx.get(
f"{SEARXNG_URL}/search",
params=params,
timeout=30,
verify=FalseUse a trusted local SearXNG instance when possible, and consider enabling certificate verification for remote HTTPS instances.
Running the skill may install or use current versions of its Python dependencies, which can affect reproducibility.
The script declares runtime Python package dependencies without version pins. These packages are expected for HTTP requests and rich CLI output, but users should be aware of runtime dependency resolution.
# /// script # requires-python = ">=3.11" # dependencies = ["httpx", "rich"] # ///
If reproducibility matters, pin or lock dependency versions in your local setup and install packages from trusted indexes.