ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Volcengine Search

v1.0.1

使用火山引擎进行联网搜索问答。

0· 103·0 current·0 all-time
by@jhc888007

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jhc888007/volcengine-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Volcengine Search" (jhc888007/volcengine-search) from ClawHub.
Skill page: https://clawhub.ai/jhc888007/volcengine-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install volcengine-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install volcengine-search
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description say 'Volcengine' search, and the README points to Volcengine docs, but the script's network target is https://open.feedcoopapi.com, not volcengine.com or an official Volcano Engine endpoint. That mismatch is not coherent with the stated provider.
!
Instruction Scope
SKILL.md instructs setting VOLC_SEARCH_API_KEY and running scripts/search_web.py, but the repository contains scripts/volcengine_search.py (different filename). The runtime instructions expect an env var and CLI usage that don't match the shipped filenames, increasing the chance of user confusion and hidden behavior. The instructions also direct network requests to an external endpoint (open.feedcoopapi.com) which is outside the stated provider.
Install Mechanism
No install spec; this is instruction-plus-script only so nothing is automatically downloaded or installed by the skill. That minimizes install-time risk.
!
Credentials
The script requires an API key (VOLC_SEARCH_API_KEY or VOLCENGINE_SEARCH_API_KEY) — reasonable for a search API — but the key is sent as a Bearer token to open.feedcoopapi.com. The registry metadata did not declare required env vars. Sending a Volcano Engine API key to a third-party domain is disproportionate and could leak credentials.
Persistence & Privilege
Skill does not request always:true, does not modify system or other skills, and has no install steps that persist beyond the repository files. No elevated persistence requested.
What to consider before installing
Do not trust this skill until you verify the network endpoint and the intended API owner. Specifically: - Confirm whether open.feedcoopapi.com is an authorized proxy or partner of Volcano Engine; if the project author cannot prove that, treat requests to that domain as suspicious. - Note the SKILL.md/README call scripts/search_web.py, but the repository contains scripts/volcengine_search.py — request corrected documentation or a fixed package. - The skill will read an API key from VOLC_SEARCH_API_KEY (or VOLCENGINE_SEARCH_API_KEY) and send it to the external domain as Bearer token; avoid supplying any real production API key. Test only with a throwaway key or in a sandboxed environment and monitor outbound network traffic. - Ask the publisher for evidence of endpoint ownership and for the skill metadata to declare required env vars. If you cannot obtain satisfactory answers, do not install or run this skill with sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97etq5v8k0rz2pc2v8c7zm55s83xfg9
103downloads
0stars
2versions
Updated 4w ago
v1.0.1
MIT-0
@jhc888007
latest
Download

脚本调用说明

本工具会向 https://open.feedcoopapi.com 发起网络请求。

1. 前置准备

请将 API Key 配置在系统的环境变量中:

export VOLC_SEARCH_API_KEY="your_api_key_here"

2. 调用方式 (CLI)

您可以直接在终端运行 scripts/volcengine_search.py 脚本进行快捷搜索测试。

python scripts/search_web.py -q <搜索词> [-t <搜索类型>] [-k <API_Key>]

参数列表:

  • -q--query必填,想要搜索的关键词或问题。需要用双引号包裹以防空格截断。
  • -t--type:选填,搜索类型。默认为 web。支持以下两种:
    • web:常规网页搜索。默认选这个。
    • web_summary:网页搜索并附带大模型总结版。
  • -k--key:选填,手动传入 API Key。如果不传,脚本默认读取 VOLC_SEARCH_API_KEY 环境变量。

调用示例:

# 执行一次普通的网页搜索
python scripts/search_web.py -q "北京市这周末的天气"

# 执行带有大模型智能总结的搜索
python scripts/search_web.py -q "2026年量子计算的最新商业化进展" -t web_summary

3. 返回值说明 (Return Value)

核心函数 volcengine_web_search 返回的是一个解析好的 Python 字典 (dict),其结构与火山引擎 API 的 JSON 响应一致。主要包含以下关键信息:

  • WebItem: 包含多个网页或图片搜索的具体结果条目(标题、URL、摘要)。
  • Choice: 若使用了 web_summary 模式,此处将包含大模型针对搜索结果生成的直接回答。
  • SearchContext: 当前搜索的上下文标识信息。

Comments

Loading comments...