brave-api-free-search
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to provide the claimed local SearXNG-based web search, with some disclosed setup and persistence risks users should understand.
This skill looks coherent for local web search. Before installing, be comfortable running Docker, consider pinning or reviewing the SearXNG image, avoid --dev unless you intentionally want safe_search and the limiter disabled, and confirm SEARXNG_BASE_URL is not pointing to an endpoint you do not trust.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future or different Docker image version could change the behavior of the local search service.
The installer runs the external Docker image searxng/searxng without a tag or digest pin, so the exact image version is not fixed by the artifact.
"docker run -d --name searxng-local " ... "--restart unless-stopped " ... "searxng/searxng"
Install only if you are comfortable with this Docker image source, and consider pinning a specific trusted SearXNG image tag or digest.
The search service may keep running in the background and use local resources after initial setup.
The skill explicitly discloses that installation creates a background container that persists across restarts until the user removes it.
Installation deploys a persistent Docker container (`searxng-local`) with `--restart unless-stopped`.
Use the documented removal command, `docker rm -f searxng-local`, when you no longer want the service running.
If SEARXNG_BASE_URL is set to a remote or untrusted endpoint, search queries could be sent there.
Search requests default to localhost, but an environment variable can redirect queries to another SearXNG endpoint.
BASE_URL = os.environ.get("SEARXNG_BASE_URL", DEFAULT_BASE).rstrip("/")Verify SEARXNG_BASE_URL before use, especially if search queries may contain sensitive information.