Websearch
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a purpose-aligned web search skill, but users should notice that it relies on external search/reader providers and references missing Node package files/scripts.
This skill appears benign for basic web search use. Before installing, confirm the missing package files and dependencies come from a trusted source, and avoid using it with private URLs, tokenized links, or sensitive search terms.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run as packaged, and users could be tempted to obtain or create missing files from another source before executing npm or Node commands.
The documentation tells users to install dependencies and run Node scripts, but those runnable files and package metadata are not included in the supplied artifact manifest. This creates a provenance/packaging gap users should check before running setup.
`npm install` ... `search.js` ... `exasearch.js` ... `ReadResult.js` ... `package.json`
Verify the actual package contents and dependency source before running `npm install` or any referenced script.
Private URLs, sensitive search terms, or links containing tokens could be exposed to third-party services if used with this skill.
The skill discloses that URL reading and search are handled through external providers, meaning submitted URLs and search queries may be shared outside the local environment.
Jina Reader API ... Endpoint: `https://r.jina.ai/` ... Exa Search API ... Provider: Exa (via mcporter)
Avoid submitting confidential URLs, access-token-bearing links, or sensitive search queries unless you are comfortable sharing them with the disclosed providers.
