SearXNG Self-Host

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent self-hosted search skill, but installing it should be treated as server-level setup because it pulls third-party code, changes system files, and leaves a local service running.

This skill appears suitable if you intentionally want to self-host SearXNG. Review the root installer before running it, install on a dedicated server or container where possible, consider pinning upstream versions, and remember that search queries can still go to external search providers.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the installer affects the whole server, not just the OpenClaw workspace.

Why it was flagged

The skill asks for root/admin execution and makes system-level changes. That is expected for installing a service, but it is high-impact authority.

Skill content

Run as root on Ubuntu 22.04/24.04: ... bash scripts/install_searxng.sh ... creates a `searxng` system user, writes `/etc/searxng/settings.yml`, and starts a systemd service

Recommendation

Run it only on a VPS/server you control, review the script first, and avoid running it on a personal workstation or shared production host without change-control.

What this means

A compromised or incompatible upstream package/source change could affect the server during installation or upgrade.

Why it was flagged

The installer fetches current external packages and upstream source without pinning a commit or dependency versions. This is normal for many installers but creates supply-chain and reproducibility risk.

Skill content

pip3 install -q uv --break-system-packages ... git clone https://github.com/searxng/searxng "$SEARXNG_HOME/searxng-src" --depth=1 ... uv pip install ... -r .../requirements.txt

Recommendation

Prefer pinning a reviewed SearXNG commit and dependency set, or install in a container/isolated VM with backups.

What this means

Sensitive search terms may be visible to external services even though the SearXNG instance is self-hosted.

Why it was flagged

Search terms can be sent to external search providers and, during fallback, directly to Wikipedia and GitHub. This is disclosed and purpose-aligned, but it affects query privacy.

Skill content

SearXNG ... queries Google, Bing, Brave, Startpage, DuckDuckGo, and Wikipedia simultaneously ... If SearXNG is down, `search.py` falls back to Wikipedia + GitHub APIs automatically.

Recommendation

Avoid sensitive queries, keep the local SearXNG service healthy, or disable the fallback calls if external query disclosure is unacceptable.

Note (High Confidence)
ASI10: Rogue Agents

What this means

The search service will continue running after installation until it is disabled or removed.

Why it was flagged

The installer creates and enables a persistent service that restarts automatically. This is expected for self-hosted SearXNG, not hidden background behavior.

Skill content

cat > /etc/systemd/system/searxng.service ... Restart=on-failure ... systemctl enable searxng ... systemctl restart searxng

Recommendation

Track the installed service and disable or uninstall it when no longer needed.