Google Web Search

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill appears coherent and benign, but it sends prompts to Google's Gemini/Search service and requires a Gemini API key plus Python dependencies.

Install this skill if you are comfortable using Google's Gemini/Search service for prompts that need current information. Provide a restricted GEMINI_API_KEY, monitor any usage or billing, avoid sending confidential data in prompts, and consider pinning dependencies in higher-assurance environments.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A leaked or over-permissive API key could be misused or incur charges on the user's Google/Gemini account.

Why it was flagged

The skill uses a Gemini API key from the environment to authenticate API calls. This is expected for the stated Gemini search purpose, but it is still a credential with account and billing implications.

Skill content
api_key = os.environ.get("GEMINI_API_KEY")
...
client = genai.Client(api_key=api_key)
Recommendation

Use a restricted Gemini API key, keep it out of prompts and logs, and rotate it if it is exposed.

What this means

Sensitive details included in a prompt may be sent to Google/Gemini and may influence generated web search queries.

Why it was flagged

The user's prompt is sent to the Gemini provider with Google Search grounding enabled. This is the core feature, but it means prompt contents leave the local environment.

Skill content
response = client.models.generate_content(
    model=model,
    contents=prompt,
    config=config,
)
Recommendation

Use this skill for information lookup and citation needs, but avoid including secrets, private documents, or confidential business data unless that provider use is acceptable.

What this means

Future dependency changes could affect behavior or security of the helper script.

Why it was flagged

The dependency versions are lower-bounded rather than pinned, so installation can pull newer compatible package releases. This is common and purpose-aligned, but it leaves the install dependent on package-manager trust and future package versions.

Skill content
google-genai>=1.50.0
pydantic-settings>=2.0.0
Recommendation

Install in a trusted Python environment and consider pinning or locking dependency versions if reproducibility is important.