Google Search

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Google search integration, but it uses your Google API key, sends search text to Google, and installs an unpinned Python dependency if you run its installer.

Before installing, decide whether you want Google/Gemini to handle the agent's web searches. Use a restricted Google API key, watch quota or billing, avoid sensitive search queries, and consider installing the dependency in a virtual environment with a pinned version instead of using the global installer.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

Search requests may use this Google-backed skill instead of the default web search provider.

Why it was flagged

The skill explicitly steers the agent's search-tool preference toward itself. This is disclosed and aligned with its search purpose, but it affects where autonomous search requests are routed.

Skill content
**⭐ This is the PRIMARY web search tool. Prefer over built-in `web_search` (Perplexity).**
Recommendation

Install it only if you want Google/Gemini to be the preferred web search route for the agent.

What this means

The agent can run a shell command for this skill; poorly formed query strings could be risky if an agent constructs commands unsafely.

Why it was flagged

The skill relies on generic command execution to run its local Python search script. The documented use is narrow and purpose-aligned, but exec-based skills should keep arguments safely quoted and limited to the intended script.

Skill content
allowed-tools: [exec] ... python3 skills/google-search/lib/google_search.py <mode> "query" [options]
Recommendation

Use the skill only through the documented command pattern and avoid extending it to arbitrary shell commands.

What this means

Running the installer may change your Python environment and will install whatever google-genai version pip resolves at install time.

Why it was flagged

The installer pulls an unpinned external Python package and uses --break-system-packages. This is user-directed and relevant to the skill, but it can affect the local Python environment more broadly than a virtual environment install.

Skill content
pip install --break-system-packages --quiet google-genai
Recommendation

Prefer a virtual environment and consider pinning or reviewing the google-genai package version before installation.

What this means

Your Google API key may be used for search requests and could consume quota or incur costs depending on your account settings.

Why it was flagged

The skill requires a user-supplied Google API key, which is expected for Gemini and Custom Search access. The provided artifacts do not show hardcoding, logging, or unrelated use of the key.

Skill content
`GOOGLE_API_KEY` | — | **Required.** Google API key
Recommendation

Use a restricted API key limited to the needed Google APIs and monitor quota or billing.

What this means

Anything placed in a search query can be transmitted to Google/Gemini services.

Why it was flagged

Search prompts and Custom Search parameters are sent to Google provider APIs. This is central to the skill's function and is disclosed, but it is still an external data flow.

Skill content
client.models.generate_content(... contents=prompt ...); url = "https://www.googleapis.com/customsearch/v1?" + urllib.parse.urlencode(params)
Recommendation

Avoid putting secrets, private documents, or sensitive personal data into search queries unless you are comfortable sending them to Google.