ClawHub

Google SERP API

v1.0.0

Search Google web, news, maps, trends, shopping, scholar, finance, hotel, and media surfaces through Just Serp API.

0· 13·0 current·0 all-time
by@justserpapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (node), and required env var (JUST_SERP_API_KEY) align with a hosted Google SERP API client. The skill only declares the API key and does not request unrelated credentials or system resources.
Instruction Scope
SKILL.md confines the agent to choosing an endpoint from generated/operations.md and running the included helper (bin/run.mjs) with JUST_SERP_API_KEY and operation parameters. It does not instruct the agent to read unrelated files, harvest other env vars, or transmit data to unexpected endpoints; backend baseUrl is api.justserpapi.com.
Install Mechanism
There is no external install/download step (instruction-only), and no third-party packages are pulled at install time. Note: a local Node helper (bin/run.mjs) is included and intended to be executed — that is expected but you should still review the file before running.
Credentials
Only one credential is required (JUST_SERP_API_KEY) and it is the declared primary credential for authenticating with Just Serp API; this is proportionate to the described functionality.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent system privileges. It does include code that will be executed via node when invoked, but there is no evidence it modifies other skills or system-wide settings.
Assessment
This skill appears coherent, but it will execute the included Node script (bin/run.mjs) on your agent host when used. Before installing or invoking: 1) Inspect bin/run.mjs (and generated files) to verify there is no unexpected network access or file I/O beyond calls to api.justserpapi.com. 2) Only provide a Just Serp API key you control and limit its quota/permissions if possible. 3) Never paste the API key into chat messages or logs. 4) Consider running the skill in a sandboxed environment if you are uncertain about the origin. 5) Monitor network usage and rotate/revoke the key if you observe unexpected activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b3f64ydmpcpr459bm69dd1x848wz6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvJUST_SERP_API_KEY
Primary envJUST_SERP_API_KEY

Comments