Skill v1.0.10

ClawScan security

local-search-pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 9:48 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: it deploys a local SearxNG container and provides local search wrappers; it requests Docker and Python, which match its behavior, and does not ask for unrelated credentials. However, it creates a persistent local Docker container and includes a hard-coded secret key and a dev mode that disables safety features, so users should be aware of those operational risks.
Guidance
This skill appears to do what it claims (deploy a local SearxNG instance and call it). Before installing: (1) Understand it will create a detached Docker container named searxng-local that restarts on reboot — remove it with 'docker rm -f searxng-local' when done. (2) The install will pull the searxng/searxng image from Docker Hub; inspect the image or its source if you need higher assurance. (3) The settings include a hard-coded secret_key; consider editing searxng/settings.yml to a unique secret before starting. (4) Avoid using --dev on any machine you care about (it disables safe_search and rate limiting). (5) The container is mapped to host 127.0.0.1:8080; ensure your Docker host/network settings don't inadvertently expose that port. If you need higher confidence, review the upstream searxng image and run the container in a constrained environment (limited privileges, user namespaces) or inspect the image contents before first run.

Review Dimensions

Purpose & Capability
ok · Name/description (local SearxNG-based search proxy) align with the included scripts and settings. Required binaries (docker, python3) are appropriate for running the provided install and runtime scripts. The skill does not request unrelated credentials or services.
Instruction Scope
note · SKILL.md and the scripts limit network interactions to the local SearxNG instance. The install script writes a settings.yml and runs docker run; search and healthcheck call the local HTTP endpoints. One nuance: the settings inside the container bind to 0.0.0.0, while the docker command maps the container port to host 127.0.0.1:8080; this effectively restricts exposure to localhost, but it is a subtle detail (the README claims 'container binds to 127.0.0.1 only'). Dev mode intentionally disables limiter and safe_search (documented), which weakens safety and should only be used locally.
Install Mechanism
note · There is no packaged install spec; the included install.py calls 'docker run searxng/searxng', which will pull the image from Docker Hub at runtime. Pulling an image from a public registry is expected here but carries the usual trust risk: users should verify the image origin and contents before running.
Credentials
ok · No credentials or external environment variables are required. The code optionally respects SEARXNG_BASE_URL (not listed as required), which is reasonable. One minor issue: a fixed secret_key is written into settings.yml (local_search_pro_secure_2026); this is not a requested credential, but it is a hard-coded secret that users may wish to change for better security.
Persistence & Privilege
note · The install script runs the container detached with '--restart unless-stopped', creating a persistent background service that restarts on reboot. The SKILL.md explicitly warns about this. 'always: false' is used; the skill does not auto-enable itself across all agents, but the persistent container is a system-level artifact and requires user consent.