Privacy-first web search with DuckDuckGo-style bangs (!w, !yt, !gh)
Security checks across malware telemetry and agentic risk
Overview
This appears to be a straightforward SearXNG search helper, with the main cautions being to use a trusted search instance and manage the optional Docker setup carefully.
This skill is reasonable to use if you intentionally configure where searches go. For best privacy, run your own SearXNG instance or use a reputable HTTPS instance, avoid sensitive searches on unknown public servers, and pin the Docker image version if you use the provided setup instructions.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive search terms may be visible to the operator or logs of the configured SearXNG server.
The script sends the user's search query to the configured SearXNG instance. This is required for the skill's purpose, but a public or untrusted instance could see the query.
SEARXNG_URL = os.environ.get('SEARXNG_URL', 'http://127.0.0.1:8080') ... url = f"{SEARXNG_URL}/search?{urllib.parse.urlencode(params)}" ... urllib.request.urlopen(req, timeout=15)
Use a trusted self-hosted SearXNG instance when possible, prefer HTTPS for non-local instances, and avoid sending highly sensitive queries to public instances.
Future installs or updates could run a different SearXNG image than the one originally reviewed.
The Docker Compose example uses a mutable `latest` image tag for the supporting SearXNG service. The setup is disclosed and user-directed, but the image contents can change over time.
image: searxng/searxng:latest
Pin the SearXNG Docker image to a specific version or digest and update it deliberately.
