Skill v0.1.11
ClawScan security
MySearch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 5:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: MySearch's declared purpose (aggregating multiple search providers behind a proxy) matches its files and runtime behavior. It requires no unexplained privileges, but it will read local config files and env vars and will send queries and credentials to whatever proxy/provider URLs you configure, so only point those at hosts you trust.
- Guidance: This skill appears to do what it says: route search queries to configured providers or a proxy. Before installing:
  1. Only set MYSEARCH_PROXY_BASE_URL to a host you trust; that host will see every query and any credentials you route through it.
  2. Prefer injecting secrets into OpenClaw's skill env rather than copying .env into the bundle.
  3. Be aware the runtime will try to read openclaw.json, ~/.codex/config.toml, and local .env or key files as fallbacks; review those files for any secrets you don't want the skill to pick up.
  4. Run the provided health check in a controlled environment first (python3 scripts/mysearch_openclaw.py health) and verify the provider base URLs and available_keys in its output.
  5. If you need higher assurance, inspect the runtime Python files (clients.py, config.py, keyring.py) to confirm which endpoints and files will be contacted or read.
Review Dimensions
- Purpose & Capability (ok): The skill is a search aggregator that routes requests to Tavily, Firecrawl, Exa, and optional social/X providers. The declared binaries (bash, python3), bundled runtime code, wrapper script, and env vars (proxy and provider keys) are consistent with that purpose.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent to copy the bundle, load env from the OpenClaw skill config or a local .env, and run the health, search, and extract commands via scripts/mysearch_openclaw.py. The runtime will also attempt to read openclaw.json (explicitly) and may load CODEX_HOME ~/.codex/config.toml and local .env files as fallbacks; this can surface additional environment entries or keys from those user config files. The README and SKILL.md explicitly recommend OpenClaw env injection and warn to point the proxy only at a trusted host.
- Install Mechanism (ok): No remote downloads in the bundled installer; install_openclaw_skill.sh copies local files and preserves the bundled runtime. The bundle includes runtime Python modules that will run locally. There are no URLs to arbitrary remote code in the install spec.
- Credentials (note): The required envs (proxy base URL and API key, plus optional provider keys) are proportional to a search aggregator. However, the runtime reads other envs and local files as fallbacks (openclaw.json, ~/.codex/config.toml, runtime/.env and the root .env, and optional provider key files such as accounts.txt). That behavior is reasonable for configuration convenience but could unexpectedly pick up secrets from user config files if they are present.
- Persistence & Privilege (ok): The always flag is false and the skill does not request persistent or global privileges. The installer copies an .env into the skill only when explicitly asked (via --copy-env). The skill does not modify other installed skills or force-enable itself.
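The Guidance steps and the Credentials note above reduce to one pre-install check: confirm where MYSEARCH_PROXY_BASE_URL points, and find out which of the fallback files (openclaw.json, ~/.codex/config.toml, runtime/.env, the root .env, accounts.txt) would hand the skill a credential it was never meant to see. The script below is an added example, not code from the MySearch bundle or from ClawHub's scanner. Its https-plus-allowlist rule for the proxy URL, its credential-name heuristic, the bundle-relative placement of openclaw.json and accounts.txt (the report names the files but not their exact location), and the sample layout it builds in a temporary directory are all assumptions.

```python
# Pre-install audit for MySearch's fallback config reads.
# Added example; not from the MySearch bundle or ClawHub's scanner. Assumed:
# the credential-name heuristic, the https+allowlist proxy rule, and the
# in-bundle location of openclaw.json and accounts.txt.
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Key names that usually carry a credential (heuristic, assumed).
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|password|passwd", re.I)
# KEY=value (.env) or key = "value" (TOML); comment lines are skipped by the caller.
ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_.-]*)\s*=\s*(.*?)\s*$')


def check_proxy_url(url, trusted_hosts):
    """The proxy host sees every query and any credential routed through it,
    so demand https and an explicit allowlist (policy assumed, not the skill's)."""
    if not url:
        return False, "MYSEARCH_PROXY_BASE_URL is not set"
    u = urlparse(url)
    if u.scheme != "https":
        return False, f"scheme {u.scheme!r} is not https"
    if u.hostname not in trusted_hosts:
        return False, f"host {u.hostname!r} is not in the trusted list"
    return True, "ok"


def fallback_paths(skill_dir, home, codex_home=None):
    """Files the scan report says the runtime may read when env is missing.
    CODEX_HOME defaults to ~/.codex; the bundle-relative spots are assumed."""
    skill_dir, home = Path(skill_dir), Path(home)
    codex_home = Path(codex_home) if codex_home else home / ".codex"
    return [
        skill_dir / "openclaw.json",
        codex_home / "config.toml",
        skill_dir / "runtime" / ".env",
        skill_dir / ".env",
        skill_dir / "accounts.txt",
    ]


def _walk_json(node, path, out):
    """Collect dotted paths of non-empty string leaves whose own key looks secret."""
    if isinstance(node, dict):
        for k, v in node.items():
            _walk_json(v, f"{path}.{k}" if path else k, out)
    elif isinstance(node, str) and node and SECRET_NAME.search(path.rsplit(".", 1)[-1]):
        out.append(path)


def secret_like_keys(text, fmt):
    """Names (never values) of non-empty, credential-looking entries in text."""
    keys = []
    if fmt == "json":
        try:
            _walk_json(json.loads(text), "", keys)
        except ValueError:  # malformed JSON: nothing the runtime could load either
            pass
        return keys
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m and m.group(2).strip("\"'") and SECRET_NAME.search(m.group(1)):
            keys.append(m.group(1))
    return keys


def audit_fallbacks(paths):
    """Map each existing fallback file to the credential-looking entries it holds."""
    findings = {}
    for p in paths:
        if not p.is_file():
            continue
        text = p.read_text(encoding="utf-8", errors="replace")
        if p.name == "accounts.txt":
            # The report does not describe this format: count non-empty, non-comment lines.
            n = sum(1 for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
            hits = [f"{n} entries"] if n else []
        else:
            hits = secret_like_keys(text, "json" if p.suffix == ".json" else "kv")
        findings[p] = hits
    return findings


def demo():
    """Constructed layout (sample data, not real secrets): a stray root .env, a
    codex config carrying an API key, and an openclaw.json with a provider key.
    Returns findings keyed by path relative to the fake home for a stable result."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        skill = home / "mysearch"
        (skill / "runtime").mkdir(parents=True)
        (home / ".codex").mkdir()
        (skill / ".env").write_text(
            "# constructed sample\nTAVILY_API_KEY=tvly-example\n"
            "MYSEARCH_PROXY_BASE_URL=https://proxy.example.com\n")
        (home / ".codex" / "config.toml").write_text(
            'model = "gpt-5-mini"\nopenai_api_key = "sk-example"\n')
        (skill / "openclaw.json").write_text(json.dumps(
            {"skills": {"mysearch": {"env": {"EXA_API_KEY": "exa-example"}}}}))
        found = audit_fallbacks(fallback_paths(skill, home))
        return {p.relative_to(home).as_posix(): hits for p, hits in found.items()}
```

Run `demo()` against the constructed tree to see the shape of the output, then call `audit_fallbacks(fallback_paths("<skill dir>", Path.home()))` against a real bundle before installing; only key names are reported, never values, so the output is safe to paste into a ticket. Anything listed under the root .env or ~/.codex/config.toml is a secret the skill will pick up even though you never set it in OpenClaw's skill env, which is exactly the case the Credentials note warns about.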
