ClawHub
Back to skill
v1.0.5

Ollama Web Search CLI

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This is a coherent Ollama web search/fetch wrapper with no evidence of hidden exfiltration or destructive behavior, but it does use an Ollama API key and sends searches or URLs to Ollama.

GuidanceInstall only if you are comfortable giving the skill an Ollama API key and sending requested searches or URLs to Ollama. Avoid using it for sensitive private URLs or confidential queries, treat fetched webpage text as untrusted content, and verify the included script/source because the registry metadata has limited provenance.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
ollama-web-search.sh
print(content[:2000])

The fetch command returns webpage content into the conversation. Webpage text is untrusted and could contain instructions aimed at influencing an agent.

User impactFetched pages could include prompt-injection text or misleading instructions that should not override the user's actual request.
RecommendationTreat fetched page content as data, not as instructions, and verify important claims before acting on them.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none; Required binaries (all must exist): none

The registry metadata has limited provenance and under-declares local tool requirements even though the skill documentation and script rely on curl and python3. This is a metadata completeness issue, not evidence of hidden behavior.

User impactUsers may need to manually verify the package contents and ensure required local tools are available.
RecommendationReview the included script before use, confirm you trust the publisher, and ensure curl and python3 are present.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
ollama-web-search.sh
--header "Authorization: Bearer $OLLAMA_API_KEY"

The included script sends the declared Ollama API key as a Bearer token to Ollama API endpoints. This is expected for the integration, but it is still delegated account access.

User impactAnyone using the skill must provide an Ollama API key, and requests made by the skill may count against or be associated with that Ollama account.
RecommendationUse a dedicated or revocable Ollama API key if possible, and rotate it if it is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
ollama-web-search.sh
-X POST "https://ollama.com/api/web_search" ... -d "$JSON_PAYLOAD"

Search queries and fetch URLs are packaged into JSON and sent to the external Ollama API. The endpoint is disclosed and purpose-aligned, but the data leaves the local agent environment.

User impactSearch terms and requested URLs may be visible to Ollama under its service policies.
RecommendationAvoid sending confidential queries, private URLs, or sensitive page locations unless that is acceptable for your Ollama account and data policy.