SearXNG Local
v1.0.0
Search the web using a self-hosted SearXNG instance. Privacy-respecting metasearch that aggregates results from multiple engines.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions (self-hosted SearXNG via Docker). However, the SKILL.md uses docker compose, curl, jq, and sed but the skill metadata does not declare any required binaries — a documentation omission (not necessarily malicious) that could confuse non-technical users.
Instruction Scope
Instructions remain within the stated purpose (installing and using a local SearXNG instance). Two operational security notes: the example settings.yml binds the service to 0.0.0.0 (exposes it to the network) and uses a placeholder secret_key ('change-me-to-random-string') — both are insecure defaults that the user must change or protect.
Install Mechanism
This is an instruction-only skill with no install spec or code. No downloads or archive extraction are specified, so there is no install-time code execution risk from the skill itself.
Credentials
The skill requests no credentials and only offers an optional SEARXNG_URL variable to point to the instance. That is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or elevated platform privileges. It does not modify other skills or global agent settings.
Assessment
This skill is primarily a how-to for running a local SearXNG instance. Before following it, consider:
- Install requirements: the guide assumes Docker (and docker compose), curl, jq, and a POSIX shell (sed). The skill metadata does not list these — ensure they are available on your machine.
- Secrets: replace the example secret_key with a strong, random secret and store settings securely; do not leave 'change-me-to-random-string' in production.
- Network exposure: the example binds SearXNG to 0.0.0.0 and maps port 8080. If you run this on a machine exposed to a network (VPS, cloud instance, or a machine on a public LAN), restrict access via firewall, use a reverse proxy with TLS and authentication, or bind to localhost only if you don't need remote access.
- Image pinning & updates: the instructions use searxng/searxng:latest — consider pinning to a specific release digest or tag to reduce supply-chain risk and plan for updates.
- API safety: JSON search endpoints return results from external engines; avoid exposing the API publicly without access controls.
- Verify sources: the instructions reference the official Docker image name, but confirm the image origin and review upstream docs if you need stricter security.
If you follow these precautions, the instructions are coherent and suitable for self-hosting a privacy-respecting search proxy.
Like a lobster shell, security has layers — review code before you run it.
