ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

web-search-engine

Retrieve search results from web search engines.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 43 · 0 current installs · 0 all-time installs
by小祺先生@lwq057
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description and SKILL.md state the skill uses a Node script (search.js) to retrieve search results and the included code implements scraping of several search engines — that matches the stated purpose. However the registry metadata lists no required binaries; SKILL.md usage explicitly requires running `node search.js`. The skill therefore fails to declare a legitimate runtime dependency (node), which is an incoherence.
Instruction Scope
The runtime instructions are narrowly scoped: run the provided search.js with a keyword and optional engine list. The script only reads command-line args, performs HTTP GET requests to public search engines, scrapes returned HTML, and prints a JSON array. It does not access other files, environment variables, or external endpoints beyond the search engines.
Install Mechanism
There is no install spec (instruction-only with a bundled script). Nothing is downloaded at install time and no archives or remote installers are referenced.
Credentials
The skill declares no environment variables or credentials and the code does not read env vars or secrets. Requested privileges are proportional to the stated purpose.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or system-wide configs; autonomous invocation defaults are unchanged (normal).
What to consider before installing
This skill is mostly what it says it is (an HTML-scraping search helper), but it fails to declare that it needs Node to run. Before installing, verify your agent environment provides a compatible Node runtime (and global fetch support, e.g. Node 18+), or update the skill metadata to list node as a required binary. Review the included search.js yourself — it performs live HTTP requests to external search engines (which may be subject to terms-of-service or blocking) and constructs URLs without encodeURIComponent (malformed or unexpected input may break requests). No secrets are requested, but if you plan to run this in production, consider running it in a restricted environment and confirm you are comfortable with on-demand outbound HTTP requests to the listed domains.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972p4da0njf25evz6v965tf1983mn59

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

说明

  • 使用node脚本进行搜索
  • search.js文件在当前skill目录下
  • 返回json序列化数组,顺序对应参数2(搜索引擎名称)
  • 参数优先使用引号,特别是搜索关键词包含空格
  • 可同时搜索多个搜索引擎,多选使用逗号分割
  • 用法:node search.js "参数1:搜索的关键词(必填参数)" "参数2:搜索引擎名称(可选参数,多选使用逗号分割)"

搜索引擎名称

  • baidu_web_pc:百度网页搜索PC
  • so_web_pc:360网页搜索 PC
  • bing_web_pc:bing网页搜索 PC (默认)
  • sogou_web_pc:sogou网页搜索 PC

优势

  • 节省token使用
  • 可同时搜索多个搜索引擎
  • 轻量

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…