Agent Searchkit
Review
Audited by ClawScan on May 16, 2026.
Overview
The skill mostly matches its search/research purpose, but its “queries never leave your machine” privacy claim conflicts with its documented use of external search engines.
Review this before installing if privacy matters. It appears to be a legitimate local-first search integration, but web searches likely still go through external search engines via SearXNG, so do not search secrets or private data unless you have verified the SearXNG setup. Run it with minimal environment variables and be aware that research results are saved under local run artifacts.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive search queries may be sent to external search providers even though the documentation suggests they stay local.
The README claims queries never leave the machine, but its architecture diagram shows SearXNG sending searches to external search engines. This could lead users to overtrust the privacy posture.
“🔒 **Fully local** — queries never leave the local machine, zero telemetry, no API key required” ... “SearXNG ... Google ... Bing ... DuckDG ... Qwant”
Treat searches as external web requests unless you have verified your SearXNG configuration; avoid searching secrets or private data, and the publisher should clarify the privacy claim.
An agent may perform web searches through this provider during normal tasks after you configure it as default.
The documentation shows the skill can become the default web search provider, so agent web_search calls will automatically use this tool once the user enables it.
openclaw config set tools.web.search.provider agent-searchkit ... “When the agent calls web_search, it automatically goes through agent-searchkit”
Enable it only if you are comfortable with the provider behavior, and disable or change the default web search provider if you do not want automatic routing through this plugin.
Local helper commands may run as part of the skill’s operation, with the same user privileges as the agent process.
The runtime can spawn local commands. This is plausible for a local search/service integration, but it is a sensitive capability.
const child = spawn(command, args, {
Use the skill from a trusted source, review the configured service commands, and avoid running it with unnecessary privileges.
If your agent process has secrets in environment variables, spawned helper processes may be able to read them.
Spawned child processes inherit the full ambient environment, which may include unrelated API keys or credentials even though the skill declares no required credentials.
env: process.env,
Run the agent with a minimal environment and avoid exposing unrelated credentials to this skill’s runtime.
Search terms and retrieved results may remain in local files after the task finishes.
The skill intentionally stores research queries and search results on disk for later use.
“Research Runs ... persist results as artifacts: runs/... search.json ... report.md”
Review and delete research run files when they contain sensitive topics, and avoid sharing the runs directory unintentionally.
Installation depends on external components that may change over time or may not be obvious from the registry metadata.
The setup relies on external Docker/Node tooling and an unpinned Docker image, while registry metadata does not declare required binaries or an install spec.
“Prerequisites ... Docker ... Node.js 18+” and “docker run -d --name searxng -p 8888:8080 searxng/searxng”
Install only from the expected repository, consider pinning Docker image versions, and verify Docker/Node prerequisites before use.
