ClawHub

webserp

v0.1.4

Web search across 7 engines in parallel with browser impersonation. Use when the agent needs current information from the web — news, documentation, recent e...

3· 996·10 current·10 all-time
by@paperboardofficial
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: a metasearch CLI that scrapes seven engines and uses browser impersonation. No unrelated env vars, binaries, or config paths are requested; the capability requested (scraping/search) fits the stated purpose.
Instruction Scope
SKILL.md only instructs network queries to public search engines and provides CLI usage. It explicitly recommends browser impersonation (curl_cffi) and supports proxies. It does not ask for reading local files or unrelated secrets, but the scraping/impersonation behavior can be used to evade blocks and may violate search engines' terms of service or privacy expectations.
!
Install Mechanism
There is no registry install spec; the README tells users to 'pip install webserp'. Installing a PyPI package executes third-party code and can run arbitrary install/runtime code. The skill metadata provides no homepage, source repo, or package origin to verify the package or its owner — this is a supply-chain risk.
Credentials
No credentials, env vars, or config paths are required, which is proportionate. The optional --proxy flag is reasonable for network routing but could be used to exfiltrate traffic if misused.
Persistence & Privilege
The skill is not always-enabled and is user-invocable only. The only persistent effect would be installing the pip package into the Python environment, which is expected but means code will persist on disk until uninstalled.
What to consider before installing
This skill's behavior (web scraping with browser impersonation) matches its description, but its provenance is unknown: SKILL.md tells you to 'pip install webserp' while the registry provides no homepage or source repo. Before installing, verify the PyPI package name and author, inspect the package source (or the project repo) for unexpected behavior, and prefer installing/trying it inside an isolated environment (container or VM). Be aware: scraping with browser impersonation can violate search engine terms of service and may send queries to many third-party domains; if you must use it, avoid running it with privileged credentials, and consider using a vetted API-based search provider instead. If you can provide the PyPI package URL or source repository, I can re-evaluate with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701sm9p81cmygcq5ymdynvgh81jyf4
996downloads
3stars
2versions
Updated 1mo ago
v0.1.4
MIT-0
@paperboardofficial
latest
Download

webserp

Metasearch CLI — queries Google, DuckDuckGo, Brave, Yahoo, Mojeek, Startpage, and Presearch in parallel. Uses curl_cffi for browser impersonation. Results like a browser, speed like an API.

When to use webserp

  1. You need current/recent information not in your training data
  2. You need to verify facts or find sources
  3. You need to discover URLs, documentation, or code repositories
  4. The user asks about recent events, releases, or news

Install

pip install webserp

No API keys, no configuration. Just install and search.

Usage

# Search all 7 engines (default)
webserp "how to deploy docker containers"

# Search specific engines
webserp "python async tutorial" --engines google,brave,duckduckgo

# Limit results per engine
webserp "rust vs go" --max-results 5

# Show which engines succeeded/failed
webserp "test query" --verbose

# Set per-engine timeout
webserp "query" --timeout 15

# Use a proxy
webserp "query" --proxy "socks5://127.0.0.1:1080"

Options

FlagDescriptionDefault
-e, --enginesComma-separated engine listall
-n, --max-resultsMax results per engine10
--timeoutPer-engine timeout (seconds)10
--proxyProxy URL for all requestsnone
--verboseShow engine status in stderrfalse

Output format

JSON to stdout (SearXNG-compatible):

{
  "query": "deployment issue",
  "number_of_results": 42,
  "results": [
    {
      "title": "How to fix Docker deployment issues",
      "url": "https://example.com/docker-fix",
      "content": "Common Docker deployment problems and solutions...",
      "engine": "google"
    }
  ],
  "suggestions": [],
  "unresponsive_engines": []
}

Parse with jq or any JSON parser. The results array contains title, url, content, and engine for each result. unresponsive_engines lists any engines that failed with the error reason.

Tips

  • Use --max-results 5 to keep output concise when you just need a few links
  • Use --engines google,brave to target specific engines for faster results
  • Use --verbose (writes to stderr) to see which engines responded — the JSON on stdout is unaffected
  • Results are deduplicated by URL across engines — you won't get the same link twice

Comments

Loading comments...