Skill v1.0.0
ClawScan security
Ask Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 11:46 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are internally consistent with a SearxNG-based local search wrapper and do not request unrelated credentials or perform unexpected actions.
- Guidance: This skill appears to do what it says: it expects you to run a local SearxNG instance (default http://localhost:8080) and provides a CLI and optional MCP server integration. Before installing: (1) review and run install.sh as a non-root user or pass a user-writable install path instead of blindly using /usr/local/bin, (2) ensure you trust the repository source you cloned from, and (3) be aware that any 'deep-dive' fetching (web_fetch/curl/Playwright or SOCKS proxy instructions) will make outbound requests to the target websites or route traffic through your proxy — those network actions can expose queries or require you to trust remote endpoints. If you don't want to run a local SearxNG, do not set SEARXNG_URL to a remote service you don't control.
Review Dimensions
- Purpose & Capability (ok): Name/description claim a local SearxNG search wrapper; included files (core.py, mcp/server.py, install.sh) implement that exact functionality and only depend on curl/python and an optional SEARXNG_URL. Nothing unrelated (cloud creds, extraneous services, or system-level access) is requested.
- Instruction Scope (ok): SKILL.md and README instruct the agent to run the CLI to get snippets and optionally call an external web_fetch for deep-dive content. Guidance on proxies, Playwright, and systemd is advisory for fetching blocked sites and is within scope for improving fetch reliability, not hidden data collection.
- Install Mechanism (ok): No remote arbitrary downloads or extract steps in the provided install.sh — it writes a small wrapper to the chosen bin dir and tests connectivity. README suggests git-cloning from GitHub (standard). No suspicious external URLs, shorteners, or binary drops are present in the installer.
- Credentials (ok): The skill requires no secrets or credentials. It optionally reads SEARXNG_URL (documented) which is proportionate to the purpose. There are no requests for unrelated env vars or config paths.
- Persistence & Privilege (ok): Skill is not always-enabled and does not attempt to change other skills or system-wide agent configs. The installer places a wrapper in a bin directory (normal) but does not persist credentials or enable autonomous escalation.
