ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cn-ai-search

v1.0.1

中文AI Agent专用多平台聚合搜索工具,开箱即用,国内网络友好

0· 208·1 current·1 all-time
byMiaozai Studio@niukesi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for niukesi/cn-ai-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "cn-ai-search" (niukesi/cn-ai-search) from ClawHub.
Skill page: https://clawhub.ai/niukesi/cn-ai-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cn-ai-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install cn-ai-search
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's advertised purpose (local multi-engine Chinese search aggregator) is plausible, but metadata and shipped files disagree about required credentials: SKILL.md and top-level registry say no env vars needed, metadata.json declares TAVILY_API_KEY required, and config.py contains hardcoded TAVILY_API_KEY and JINA_API_KEY. Including these embedded keys is disproportionate to the stated 'open-box' claim and is inconsistent with the registry metadata.
!
Instruction Scope
Runtime instructions are simple (pip install, link index.py), and index.py itself performs network fetches. However, the code routes target URLs to the third‑party service r.jina.ai (jina_url = 'https://r.jina.ai/{url}'), which causes the contents of visited search result pages to be fetched by and transmitted to that external service. SKILL.md/README do not disclose use of r.jina.ai or that page contents will be sent to a third party. README mentions Tavily summarization, but index.py does not call Tavily — another inconsistency.
Install Mechanism
There is no packaged install spec; SKILL.md instructs pip install -r requirements.txt and creating a symlink in /usr/local/bin. This is a common, low-complexity install, but creating a symlink under /usr/local/bin requires elevated permissions and will place an executable on PATH. Pip install will fetch packages from PyPI (requirements are normal).
!
Credentials
The package does not declare required env vars to the registry, yet config.py contains two hardcoded API keys (TAVILY_API_KEY and JINA_API_KEY). Hardcoded keys are a red flag: they may be developer-owned credentials (risk of abuse/billing), and the metadata.json's claim that a TAVILY_API_KEY is required contradicts the SKILL.md claim of 'no API keys needed for basic features.' The code will optionally send an Authorization header to the Jina endpoint if JINA_API_KEY is present in config.py, meaning bundled credentials could be used automatically.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or agent-wide config, and is user-invocable only. The only system change suggested in docs is creating a symlink to /usr/local/bin, which is local and limited in scope.
What to consider before installing
This package is internally inconsistent and carries privacy/billing risk. Specific points to consider before installing: - Hardcoded API keys: config.py contains TAVILY_API_KEY and JINA_API_KEY embedded in the repo. These keys could be used by the skill to call external services (and might belong to the author). That can lead to unexpected network calls, quota consumption, or abuse tied to someone else's account. Prefer to remove bundled keys and set your own credentials via a secure config or environment variable. - Third‑party fetches: the code forwards target URLs to https://r.jina.ai/... to fetch page content. That means the full content (and the fact you searched a URL) will be transmitted to a third party. If you plan to search sensitive pages, this is a privacy/exfiltration risk. - Metadata mismatch: metadata.json and README mention Tavily and require an API key, but SKILL.md and registry metadata claim 'no env vars required' — this discrepancy suggests the package has not been curated carefully and may behave differently than advertised. - Installation touches system path: the README suggests symlinking into /usr/local/bin (requires elevated privileges). Avoid running install commands as root without auditing code. Recommendations: - Do not install as-is on sensitive systems. Clone and audit/modify code: remove or replace hardcoded keys, and ensure credentials are provided by you explicitly (and not committed into files). - If you must use it, sandbox network access or review outbound traffic to r.jina.ai and Tavily endpoints first. - Contact the author/source for clarification and a trusted distribution (no embedded keys), or prefer an implementation that clearly documents required credentials and privacy implications.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Binspython3
latestvk977pdtej5xthpmx5kaz92fys5837ptf
208downloads
0stars
2versions
Updated 22h ago
v1.0.1
MIT-0
Miaozai Studio@niukesi
latest
Download

🔍 cn-ai-search - 中文AI聚合搜索Skill(轻量版)

专为中文AI Agent/智能体优化的多平台聚合搜索工具,一次查询覆盖全网主流中文平台,自动去重过滤广告,输出干净结构化结果。

🧠 设计理念:AI-First 搜索范式

传统搜索是给人用的——充满广告、SEO垃圾、重复内容。cn-ai-search 是专门为 AI Agent 设计的搜索:

  • 无广告污染:专为大模型设计的干净输出,没有任何广告干扰
  • 结构化数据:直接输出结构化结果,Agent 不用自己解析
  • 多源融合:一次查询覆盖多个平台,AI 获得的是全网视角

✨ 核心特点

特点说明
📦 开箱即用无需API密钥,安装就能用
🇨🇳 中文全覆盖百度、微信公众号、知乎、B站全覆盖
🧹 自动净化过滤广告、SEO垃圾、重复内容,结果干净直接喂大模型
🌏 国内友好对国内网络优化,海外服务器也能正常访问

🚀 支持平台

✅ 基础可用(无需配置):

  • 百度搜索
  • 微信公众号搜索(搜狗)
  • 知乎搜索
  • B站搜索
  • 必应中国
  • 360搜索
  • 搜狗搜索
  • 头条搜索

📖 快速使用

# 同时搜索所有默认平台
cn-ai-search "AI Agent 商业化"

# 指定平台搜索(多个用逗号分隔)
cn-ai-search --platforms baidu,zhihu "你的搜索关键词"

# 按最新排序
cn-ai-search --sort latest "热点事件"

# 指定结果数量
cn-ai-search --count 30 "你的关键词"

# 输出纯文本
cn-ai-search --format plain "你的关键词"

🔧 安装

# 安装Python依赖
pip install -r requirements.txt

# 创建命令链接
ln -s $(pwd)/index.py /usr/local/bin/cn-ai-search
chmod +x /usr/local/bin/cn-ai-search

🎯 适用场景

  • AI Agent需要获取实时中文信息
  • 商业情报搜集、商机挖掘
  • 多平台内容聚合调研
  • 市场分析、竞品分析
  • 新闻热点追踪

📝 许可证

MIT License

Comments

Loading comments...