ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Augmented Search

v1.1.3

Provides concurrent web search and code search capabilities for Agents with hybrid retrieval. Supports searching multiple keywords simultaneously, Embedding...

0· 410·0 current·0 all-time
by@sebrinass
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md clearly requires a SearXNG instance (SEARXNG_URL) and optionally embedding/Context7 API keys, which are coherent with a web+code search tool. However the registry metadata reported 'Required env vars: none' — that's an internal inconsistency (the skill does need SEARXNG_URL). Other requested options (embedding APIs, Context7) are proportionate to the stated hybrid retrieval capability.
Instruction Scope
Runtime instructions focus on running a local HTTP service, calling SearXNG, and using mcporter or curl against the local augmented-search endpoints. The docs explicitly warn that public SearXNG instances can see queries (privacy risk). The instructions do not ask the agent to read unrelated host files or exfiltrate data, but they do recommend installing and calling networked components which will transmit user queries to whatever SEARXNG/embedding endpoints are configured.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which reduces direct disk writes by the skill itself. The docs recommend running Docker images from ghcr.io and searxng/searxng (common), and optionally installing Ollama via a curl | sh command — the latter is a higher-risk pattern because it downloads and executes remote installer scripts. npm install -g augmented-search is also suggested (typical but pulls from npm).
!
Credentials
SKILL.md marks SEARXNG_URL as required and lists optional secrets (EMBEDDING_API_KEY, EMBEDDING_BASE_URL, CONTEXT7_API_KEY). Those optional keys make sense for embedding/code search. The problem is metadata mismatch: the registry reported no required env vars while SKILL.md requires SEARXNG_URL — this mismatch could lead to accidental misconfiguration. Also using public SEARXNG endpoints will expose search queries to third parties.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and has no code files writing to agent configs or other skills. It does not request persistent platform-level privileges.
What to consider before installing
This skill appears to be a legitimate augmented-search integration, but exercise caution before installing: 1) The registry metadata omitted the required SEARXNG_URL — ensure you set SEARXNG_URL to a SearXNG instance you control (avoid public instances if you care about query privacy). 2) Optional embedding and Context7 API keys are reasonable for hybrid retrieval, but only provide keys you trust. 3) The docs suggest installing Ollama using curl | sh — avoid piping unknown install scripts; prefer vetted installation methods or inspect the script first. 4) The service runs as a Docker or npm application and will transmit queries to configured endpoints (SearXNG, embedding services) — review and verify those endpoints and container images (ghcr.io) before use. 5) Because the registry metadata and SKILL.md disagree, verify configuration expectations in the GitHub repo and test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974pv9ts0wfkf2vaq3asqe63s829sq8
410downloads
0stars
3versions
Updated 8h ago
v1.1.3
MIT-0
@sebrinass
latest
Download

Augmented Search

为 Agent 提供高效的本地联网搜索和代码搜索能力。

快速开始

前置条件: SearXNG 实例(必需)

Docker 方式(推荐):

docker run -d --name searxng -p 8080:8080 searxng/searxng:latest
docker run -d --name augmented-search -p 3000:3000 \
  -e SEARXNG_URL=http://host.docker.internal:8080 \
  ghcr.io/sebrinass/mcp-augmented-search:latest

npm 方式:

npm install -g augmented-search
SEARXNG_URL=http://localhost:8080 augmented-search

提供的工具

search — 思考 + 并发搜索

支持混合检索和链接去重,一次请求最多搜索 3 个关键词。

必填参数:

  • thought — 当前思考内容
  • thoughtNumber — 当前思考步骤编号
  • totalThoughts — 预计总思考步骤数
  • nextThoughtNeeded — 是否需要继续思考

可选参数:

  • searchedKeywords — 搜索关键词列表(最多 3 个并发)
  • site — 限制搜索域名

read — URL 内容提取

读取网页内容,支持 JS 渲染降级和正文提取。

参数:

  • urls — URL 数组
  • startChar / maxLength — 分页读取
  • section — 提取指定章节
  • paragraphRange — 段落范围
  • readHeadings — 仅返回标题列表

library_search — 搜索编程库

搜索编程库,获取 Context7 兼容的库 ID。

参数:

  • query — 用户问题(用于相关性排序)
  • libraryName — 库名,如 react

library_docs — 查询库文档

查询库的文档和代码示例。

参数:

  • libraryId — 库 ID,如 /facebook/react
  • query — 用户问题

配置

必填

变量说明
SEARXNG_URLSearXNG 实例地址

常用可选

变量默认值说明
EMBEDDING_BASE_URL-Embedding API 端点(启用混合检索)
MCP_HTTP_PORT-HTTP 模式端口
SEARCH_TIMEOUT_MS30000搜索超时(毫秒)

完整配置请参阅 GitHub 仓库配置文档

性能建议

模式页数超时相关性
纯文本110-15秒~50%
混合检索330-60秒~80%

其他建议:

  • 搜索关键词并发不超过 3 个
  • 在 SearXNG 配置中过滤视频网站以提升结果质量

工具使用示例

使用 mcporter 调用

# 列出工具
mcporter list http://localhost:3000/mcp

# 调用搜索
mcporter call http://localhost:3000/mcp.search \
  thought="搜索测试" \
  thoughtNumber=1 \
  totalThoughts=1 \
  nextThoughtNeeded=false \
  searchedKeywords='["hello world"]'

# 调用 URL 读取
mcporter call http://localhost:3000/mcp.read \
  urls='["https://example.com"]'

# 调用代码库搜索
mcporter call http://localhost:3000/mcp.library_search \
  query="如何使用 React hooks" \
  libraryName="react"

# 调用代码文档查询
mcporter call http://localhost:3000/mcp.library_docs \
  libraryId="/facebook/react" \
  query="useEffect cleanup"

使用 REST API

# 健康检查
curl http://localhost:3000/health

# 搜索
curl -X POST http://localhost:3000/api/search \
  -H "Content-Type: application/json" \
  -d '{"thought":"测试","thoughtNumber":1,"totalThoughts":1,"nextThoughtNeeded":false,"searchedKeywords":["hello"]}'

# 读取 URL
curl -X POST http://localhost:3000/api/read \
  -H "Content-Type: application/json" \
  -d '{"urls":["https://example.com"]}'

详细安装

完整安装指南请参阅 GitHub 安装文档,包含:

  • Docker 完整安装
  • npm + 已有 SearXNG
  • SearXNG 配置详解
  • OpenClaw 集成
  • 常见问题

资源链接

Comments

Loading comments...