ClawHub
Code Pluginsource linked

Web Search Plus Plugin V2v2.2.9

OpenClaw plugin: multi-provider web search (Serper/Google, Tavily, Linkup, Querit/Multilingual AI Search, Exa/Neural+Deep, Firecrawl, Perplexity, You.com, SearXNG) with intelligent auto-routing. Requires at least one configured provider API key or SearXNG instance URL.

web-search-plus-plugin-v2·runtime web-search-plus-plugin-v2·by @robbyczgw-cla
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:web-search-plus-plugin-v2
Latest release: v2.2.9Download zip

Capabilities

Tags
executes-code
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
web-search-plus-plugin-v2

Compatibility

Built With Open Claw Version
2026.4.2
Plugin Api Range
>=2026.3.22
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared config keys (SERPER/TAVILY/LINKUP/EXA/FIRECRAWL/PERPLEXITY/KILOCODE/YOU/SEARXNG), and code all implement multi-provider search and extraction. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime behavior (fetching provider APIs, performing page extraction, writing a local cache and provider health file under the plugin directory) is within expected scope. The plugin can contact external search/extraction services and a user-supplied SearXNG instance. There is an explicit SEARXNG_ALLOW_PRIVATE option described as a "danger flag" — enabling it disables private-network/SSRF protections and is only appropriate on fully trusted networks.
Install Mechanism
No install-time downloads or external installers; this is an instruction/source-bundle plugin. All files are included in the package; nothing is fetched from arbitrary URLs at install time.
Credentials
Requested environment variables are the provider API keys and a SearXNG URL which are directly needed for the plugin's functionality. The plugin reads a plugin .env and process.env only for the listed keys. No unrelated secrets are requested.
Persistence & Privilege
always is false and the plugin only writes a .cache directory and provider_health.json inside its plugin directory. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or cross-plugin/system config modification.
Assessment
This plugin appears coherent with its stated purpose. Before installing: (1) only provide API keys for providers you trust and intend to use; (2) expect the plugin to make outbound requests to those providers and to the SearXNG URL you supply; (3) it stores cache and a provider health file under the plugin directory (.cache/provider_health.json) — review those files if you need to audit behavior; (4) do NOT enable SEARXNG_ALLOW_PRIVATE unless you fully trust the SearXNG instance and the network (it disables SSRF/private-network protections); (5) if you want extra assurance, review the full repository at the stated git URL and confirm no additional hidden behavior before granting credentials.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/robbyczgw-cla/web-search-plus-plugin
Commit
6e4c765cd04e
Tag
v2.2.9
Provenance
No
Scan status
clean

Tags

latest
2.2.9