ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

super-search-engine

v1.0.0

Multi search engine integration with 17 engines (8 CN + 9 Global). Supports advanced search operators, time filters, site search, privacy engines, and Wolfra...

0· 50·0 current·0 all-time
by@subaru0573
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-search integration) match the contents: SKILL.md and config.json list 17 search engines and example web_fetch calls. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are confined to constructing search URLs and calling web_fetch. However, several example operators (e.g., intext:password, cache:, inurl:login, filetype:txt) can be used to discover sensitive content on the web — this is functionality of search, not hidden exfiltration, but worth noting. The SKILL.md contains a small chunk of stray gibberish text in the header which appears to be a quality/typo issue rather than malicious behavior.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is written to disk and no external packages or downloads are executed.
Credentials
The skill requires no environment variables, credentials, or config paths, which is proportionate to a search-URL helper. There are no requests for unrelated secrets.
Persistence & Privilege
always is false and there is no installation step to persist or modify other skills. The default autonomous invocation remains possible (platform default) but the skill itself does not request elevated persistence.
Assessment
This skill appears coherent and low-risk: it only builds search URLs and shows web_fetch examples and asks for no keys or installs. Things to consider before enabling: (1) the agent will perform network requests to third-party search engines — review your organization's network/egress policy and privacy requirements; (2) the documented advanced operators can be used to find sensitive information on the web (e.g., filetype:txt, intext:password) — avoid running broad discovery queries against private domains; (3) the publisher/source is unknown and there is no homepage — exercise normal caution (sandbox or limit autonomous use) if you plan to let the agent run queries without supervision. The stray text in the SKILL.md looks like a harmless typo but indicates limited editorial review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cftsejwk9tv32xx3jyecbj984jh02

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments