ClawHub

DuckDuckGo Web Search

v1.0.0

Web search without an API key using DuckDuckGo Lite via web_fetch. Use as a fallback when web_search fails with missing_brave_api_key error, or whenever you...

24· 25k·253 current·273 all-time
by@jakelin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: it uses DuckDuckGo Lite via web_fetch as a no‑API‑key fallback. No unexplained binaries, env vars, or installs are requested.
Instruction Scope
Instructions are narrowly focused on forming the DDG Lite query and using web_fetch to retrieve results and then follow selected URLs. They do not ask the agent to read local files or environment variables. Caveat: the guidance allows following arbitrary result URLs with web_fetch (no domain whitelist), which is expected for a web‑search skill but can be abused to fetch internal or sensitive endpoints (SSRF/exfiltration) depending on how the platform implements web_fetch and what network access the agent has.
Install Mechanism
Instruction‑only skill with no install steps and no code files — lowest install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to a simple web search fallback.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). Nothing requests permanent system presence or modification of other skills/configs.
Assessment
This skill appears to do exactly what it says: run DuckDuckGo Lite searches via the platform web_fetch tool and optionally fetch result pages. It asks for no credentials and does not install code. Before installing, confirm how your platform's web_fetch behaves (does it send cookies/authorization headers? what network access does it have?), because following arbitrary URLs can expose the agent's outbound IP or be used to access internal services (SSRF). Use it as a fallback only if you trust web_fetch's sandboxing and consider limiting which domains the agent may fetch or monitoring outgoing requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk974rg6srmkhhc6bbgy8e74jt1817k75

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments