ClawHub

ddg-search

v2026.2.15

DuckDuckGo HTML search scraper CLI with JSON, CSV, OpenSearch, markdown, and compact outputs.

2· 1.6k·11 current·15 all-time
bycamo@camohiddendj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DuckDuckGo HTML search scraper) match the declared requirement (ddg-search binary) and the install spec (npm package 'ddg-search'). The declared binaries and install are proportional to the stated functionality.
Instruction Scope
SKILL.md only instructs running the ddg-search command with flags and shows example pipes (e.g., to jq). It does not ask the agent to read unrelated files, environment variables, or send results to unexpected external endpoints. The behavior described (network scraping of DuckDuckGo, progress to stderr, delays between requests) is consistent with the tool's purpose.
Install Mechanism
Installation is via the npm package 'ddg-search', which is a standard registry-based install (moderate-risk compared to no-install). No arbitrary URL downloads or archive extraction are used. As with any npm package, verify the package owner, recent versions, and known vulnerabilities before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to a search-scraper CLI.
Persistence & Privilege
The skill is not forced-always, does not request persistent elevated privileges, and does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears to be what it says: an instruction-only wrapper around the ddg-search CLI. Before installing: 1) Verify the npm package 'ddg-search' and its maintainer (check npmjs.org and the GitHub repo) to avoid typosquatting; 2) Inspect the package source (or review its GitHub repo) for unexpected network or file behavior; 3) Install in an isolated or ephemeral environment if you need to limit blast radius; 4) Be aware the CLI performs network requests (it will contact DuckDuckGo) and could expose queries in logs—no credentials are requested by the skill. If you need higher assurance, ask for the package tarball checksum or a link to the published npm package and its source tree to review before installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bt99er5s5112265d7469nx819cje

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦆 Clawdis
Binsddg-search

Install

Install ddg-search CLI (npm)
Bins: ddg-search
npm i -g ddg-search

Comments