Multi-Search Fallback

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a disclosed, instruction-only multi-search helper, but it can send one search query to several search services or child tasks and has a minor publisher-metadata inconsistency.

This skill appears reasonable for multi-source web research. Before installing, be comfortable with your search terms being sent to several search providers or child search skills, avoid including secrets in queries, check any downstream API-key configuration, and verify the publisher metadata if provenance is important.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A search may take longer, use more provider quota, or send the query to more search services than the user expected.

Why it was flagged

The skill directs the agent to automatically chain multiple search tools for some queries. This is purpose-aligned and disclosed, but it means a single user request may trigger several provider/tool calls without separate confirmation.

Skill content

When the user does not specify a search tool, try by priority by default ... dispute verification ... call 4+ sources

Recommendation

For sensitive or time-critical searches, explicitly ask for a single source or require confirmation before deep or multi-source search.

What this means

Search terms, including any sensitive details typed into the query, may be passed to multiple child tasks or search integrations.

Why it was flagged

The skill delegates work to child sessions or other search skills, so the user's query and retrieved results cross task/tool boundaries. This is expected for a search aggregator, but the artifacts do not define detailed boundary controls.

Skill content

When calling a search skill, start a child task via `sessions_spawn` and retrieve the results.

Recommendation

Avoid putting secrets or proprietary information in search queries, and review the downstream search skills if handling sensitive research.

What this means

If Tavily is configured, searches may be performed under the user's Tavily API account and may consume quota or be visible to that provider.

Why it was flagged

One optional downstream search source may use an API key. The reviewed skill does not itself store or request credentials, but credentialed provider use is part of the broader workflow.

Skill content

`tavily-search` | AI-optimized results (API key required)

Recommendation

Use scoped API keys for downstream search providers and disable or avoid credentialed sources when they are not needed.

What this means

The package identity is not perfectly consistent across metadata sources, which may make publisher trust harder to assess.

Why it was flagged

The supplied registry metadata lists a different Owner ID, `kn7483epw2xn6mhpy41r232e2h81snyd`. Because there is no executable code or install payload, this is a provenance note rather than a security concern.

Skill content

"ownerId": "kn7cv05f00kdbz76tfrgzjjcrs80vm51"

Recommendation

Verify the publisher or source before relying on the skill in a trusted workflow.