Ddg 1.0.0
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the chosen package source or repository is not trusted, installation could modify the local system with elevated privileges.
The documented setup options include external package/source installation with elevated privileges. This is expected for installing ddgr, but users should verify the source before running these commands.
sudo add-apt-repository ppa:twodopeshaggy/jarun ... git clone https://github.com/jarun/ddgr.git ... sudo make install
Prefer a trusted OS package or verified upstream release, and avoid running the source-install path unless you trust the repository and understand the sudo install step.
Opening the first result automatically may visit an unexpected site, and disabling safe search changes filtering behavior.
The skill documents ddgr options that can open a search result directly or disable safe search. These are disclosed and user-directed, but should be used deliberately.
Open first result in browser: `snap run ddgr "query" --ducky` ... `--unsafe` | Disable safe search
Review results before opening them when possible, and use `--ducky` or `--unsafe` only when the user specifically wants that behavior.
A user might over-trust the privacy wording and search for sensitive information that still leaves the local machine.
The privacy claims are broad for a web-search tool. The skill is purpose-aligned, but users should still understand that search terms are sent to DuckDuckGo and bang destinations may involve third-party sites.
Privacy Features - No user tracking or profiling - Do Not Track enabled by default - No stored search history
Do not include passwords, tokens, private documents, or other secrets in web search queries, even when using a privacy-focused search tool.