Augmented Search
PassAudited by ClawScan on May 1, 2026.
Overview
Augmented Search is coherent with its search purpose, but users should notice that it relies on external server installs and may share search/context data with configured services.
This skill appears suitable for its stated search role. Before installing, verify the upstream Docker/npm sources, pin versions if possible, keep the HTTP service local or firewalled, and avoid sending confidential queries or agent reasoning to public SearXNG or cloud embedding providers.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill as documented means trusting upstream packages or images that can change over time.
The documented setup relies on external container/package/script sources and uses unpinned or latest-style references. This is disclosed and purpose-aligned, but the installed runtime is not contained in the submitted artifacts.
image: ghcr.io/sebrinass/mcp-augmented-search:latest ... npm install -g augmented-search ... curl -fsSL https://ollama.com/install.sh | sh
Use pinned versions or image digests where possible, install from verified sources, and review the upstream repository/package before use.
If the service is exposed beyond the local machine, other users on the network may be able to trigger searches or URL reads.
The skill exposes an HTTP/MCP-style service and a URL-reading endpoint. This fits the search purpose, but the artifacts do not describe authentication or network access controls.
docker run -d --name augmented-search -p 3000:3000 ... curl -X POST http://localhost:3000/api/read ... urls
Bind the service to localhost or firewall it, avoid exposing it publicly, and only allow trusted agents or users to call the endpoint.
Any keys supplied to the service could be used by that service to call the configured provider.
Optional provider credentials are declared for embedding re-ranking and code documentation search. This is expected for those integrations, with no artifact evidence of hardcoding, logging, or unrelated credential use.
EMBEDDING_API_KEY ... EMBEDDING_BASE_URL ... CONTEXT7_API_KEY
Use dedicated, revocable, least-privileged API keys and avoid sharing high-value organization credentials unless needed.
Private prompts, reasoning summaries, or sensitive search context could be shared with the configured service if the agent includes them.
The tool interface can receive the agent's current thought/context and may use an embedding provider when configured. This is relevant to search quality, but it broadens the data sent to the local MCP service and optional providers.
search — 思考 + 并发搜索 ... `thought` — 当前思考内容 ... `EMBEDDING_BASE_URL` — Embedding API 端点(OpenAI 兼容)
Keep tool inputs minimal, avoid putting secrets or confidential reasoning in the thought/query fields, and prefer local providers for sensitive work.
The service may continue running after setup until the user stops or removes it.
The Docker Compose example configures the search services to keep running and restart automatically. This is disclosed server behavior, not hidden persistence.
restart: unless-stopped
Stop or remove the containers when they are no longer needed, and monitor exposed ports on shared machines.