UnSearch

Pass

Audited by ClawScan on May 1, 2026.

Overview

UnSearch is a coherent instruction-only web search skill with expected API-key and external-provider data flows, but users should protect the key and treat retrieved web content as untrusted.

This skill appears safe to install if you want UnSearch web search and research capabilities. Before using it, protect the UNSEARCH_API_KEY, avoid sending sensitive searches or private URLs unless you trust the provider, and make sure the agent treats scraped web pages as information sources rather than instructions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A web page returned by the API could include text that tries to influence the agent if the agent treats retrieved content as instructions.

Why it was flagged

The skill retrieves full web page content for agent use; that content may contain untrusted instructions or misleading text.

Skill content

"scrape_content": true ... "scraped_content": { "text": "Full page content..." }

Recommendation

Treat search results and scraped content as data, not as agent instructions; verify important claims with multiple sources.

What this means

Anyone who obtains the API key may be able to use the user's UnSearch quota or account access.

Why it was flagged

The skill requires an UnSearch API key to authenticate requests; this is expected for the service but is still a credential.

Skill content

All requests require header: `X-API-Key: $UNSEARCH_API_KEY`

Recommendation

Store the API key securely, avoid sharing it in prompts or logs, and rotate it if it may have been exposed.

What this means

Search terms, URLs, and research topics may be visible to the external API provider.

Why it was flagged

Queries and URLs are sent to an external UnSearch API provider, which is central to the skill's purpose.

Skill content

**Base URL:** `https://api.unsearch.dev/api/v1` ... `query`: "your search query" ... `urls`: ["https://example.com/article"]

Recommendation

Avoid sending confidential queries or private URLs unless the provider's privacy and retention practices are acceptable.