serper-search
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims: it sends user search queries to Serper.dev using a Serper API key, with no hidden endpoints, persistence, or destructive behavior shown.
This looks safe for its stated purpose. Before installing, provide only a Serper.dev API key you are comfortable using for automated searches, remember that your search queries are sent to Serper.dev, and consider using a dedicated key with quota limits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches made through the tool may consume your Serper.dev quota and are associated with the API key you provide.
The plugin uses a configured or environment Serper API key to authenticate outbound Serper.dev API calls. This is expected for the stated purpose, but it gives the tool access to the user's Serper account quota.
const apiKey =
pluginConfig.apiKey || process.env.SERPER_API_KEY || "";
...
"X-API-KEY": apiKeyUse a dedicated Serper.dev API key with appropriate quota limits, and only enable the plugin if you are comfortable sending search queries to Serper.dev.
If installed through a package manager, the exact dependency version may vary over time.
The dependency is declared with a semver range rather than an exact pinned version, so an install could resolve a newer compatible package version. The dependency appears purpose-aligned for tool parameter schemas, and no install script is shown.
"dependencies": {
"@sinclair/typebox": "^0.32.0"
}Prefer installing from a reviewed source or lockfile if reproducibility matters.