Skill v1.0.0

ClawScan security

Neo Ddg Search Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:43 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This skill is a small DuckDuckGo search wrapper that requires no credentials and its code and instructions are consistent with its stated purpose; only minor operational/packaging issues were found (path mismatch and a pip flag suggestion) but nothing that suggests malicious intent.
Guidance
This skill appears to do only DuckDuckGo searches and includes explicit guardrails against SSRF and data exfiltration, which is good. Before installing: (1) fix the path inconsistency in SKILL.md or ensure the agent uses the correct script path (scripts/search.py); (2) avoid running pip with `--break-system-packages` on production systems — prefer a virtualenv or platform-managed packaging; (3) verify the platform enforces the documented SSRF/exfiltration guardrails (the SAFETY.md is useful but enforcement depends on your agent runtime); (4) review the ddgs package (and its network behavior) if you need to meet strict compliance requirements; and (5) be aware scraping can break and may be subject to DuckDuckGo terms of service and rate limits.

Review Dimensions

Purpose & Capability
ok: Name/description (DuckDuckGo web search) matches the included script and instructions. The SKILL.md documents the ddgs Python package used to perform searches, and the bundled script prints titles/URLs/snippets; all of this is appropriate for a search skill. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: Runtime instructions stay within search scope and explicitly include guardrails (treat results as untrusted, refuse private/localhost fetches, no exfiltration). Minor inconsistency: the SKILL.md example calls python3 skills/ddg-search/scripts/search.py, but the repository's script path is scripts/search.py; this is an operational mismatch that will cause a broken invocation unless the path is corrected. The SKILL.md also suggests using a separate web_fetch tool for fetching result pages; ensure that tool enforces the same SSRF/exfiltration rules.
Install Mechanism
note: There is no install spec (instruction-only), so nothing is written to disk by an installer. The SKILL.md tells users to pip install ddgs with `--break-system-packages`, which is unusual and can alter system-managed Python packages; it's an operational concern but not evidence of malicious behavior. The ddgs package itself will make outbound HTTP requests to DuckDuckGo (expected).
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. This is proportionate to its stated purpose.
Persistence & Privilege
ok: `always` is false and the skill doesn't request elevated/persistent platform privileges. It does not attempt to modify other skills or global agent config.