Private Deep Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may enter sensitive searches believing they never leave the machine, when search engines and fetched websites can still see queries or request metadata.

Why it was flagged

The privacy guide makes an absolute claim that no third party sees queries while also acknowledging that external search engines receive the query and IP information.

Skill content

### 2. Self-Hosted = No Logs
- SearXNG runs on YOUR machine
- No third-party sees your queries
...
| **DuckDuckGo** | Your IP*, search query | Nothing else |

Recommendation

Treat search queries as shared with external engines and result sites; use a VPN/Tor if needed and avoid searching highly sensitive secrets.

What this means

Other devices that can reach the host may be able to use the SearXNG instance, potentially exposing search activity or abusing the user's network.

Why it was flagged

A Docker Compose port mapping without an explicit 127.0.0.1 bind commonly publishes the service on all host interfaces, which is broader than the localhost-only framing in the documentation.

Skill content

ports:
  - "8888:8080"

Recommendation

Bind the port to localhost, for example `127.0.0.1:8888:8080`, and use a firewall or access controls if the machine is on an untrusted network.

What this means

Search providers and fetched websites may see queries, URLs requested, IP address, timing, and related metadata.

Why it was flagged

External search providers are part of the intended workflow, so query data leaves the local machine even though the tool is self-hosted.

Skill content

melt queries DuckDuckGo, Brave, Startpage, and friends.

Recommendation

Do not assume full anonymity; use a VPN or Tor for stronger network privacy and avoid sensitive personal or confidential queries.

What this means

The installed container can change over time, making behavior less reproducible and harder to audit.

Why it was flagged

The setup uses a mutable `latest` container tag, so future installs may run different upstream code than what was reviewed.

Skill content

image: searxng/searxng:latest

Recommendation

Pin the SearXNG image to a specific version or digest and review updates before applying them.

What this means

The local search service may continue running after a research task finishes.

Why it was flagged

The service is designed to persist and restart in the background until manually stopped.

Skill content

restart: unless-stopped

Recommendation

Stop the container when not needed, for example with `docker-compose down`, and document cleanup steps for users.