ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SearXNG Docker

v1.0.0

Search the web using a local SearXNG instance (privacy-respecting metasearch engine). Use when user asks to search, look something up, "搜索", "搜一下", "查一下", or...

0· 439·2 current·2 all-time
by@triwinds
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, docker compose, settings.yml, and the Python client all align: the skill is for running and querying a self-hosted SearXNG instance. Nothing in the repo asks for unrelated services or credentials.
Instruction Scope
SKILL.md instructs only to run Docker Compose, edit the local settings, generate a local secret, and call the local HTTP JSON API. The runtime instructions do not read or transmit unrelated system files or environment variables.
Install Mechanism
There is no installer; the skill is instruction-only but uses a Docker image: searxng/searxng:latest (pulled from Docker Hub). Pulling 'latest' is standard but has supply-chain implications—pinning to a release tag would be safer.
Credentials
No required environment variables, credentials, or external secrets are requested. The only environment shown is the container's SEARXNG_BASE_URL set to a localhost URL—appropriate for the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated agent privileges. Running docker compose will create a local container (expected for a self-hosted service); the compose file drops most capabilities and only adds minimal ones.
Assessment
This skill appears to do what it says: run a local SearXNG container and query it with a simple Python client. Before installing, ensure you have Docker/Docker Compose and review the Docker image (searxng/searxng:latest) if you want to limit supply-chain risk—consider pinning to a specific release tag. Change the placeholder secret (SKILL.md shows an openssl-based sed command) and verify the settings.yml you bind into the container. The service is bound to localhost by default (127.0.0.1:8888) which limits remote exposure; if you change networking, be mindful of who can reach the port. Finally, the included Python script only issues local HTTP requests and prints results; no credentials are requested or exfiltrated.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7yjcpgnfmmr0vqrzj2pnmn81xdd0
439downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@triwinds
latest
Download

SearXNG Search Skill

Search the web using a self-hosted SearXNG instance.

When to Use

  • User asks to search, look something up: "搜索", "搜一下", "查一下", "search for", "look up"
  • Need results from multiple engines (Google, Bing, DuckDuckGo, etc.)
  • Need news, images, IT/science, or social media search
  • web_search unavailable or returns poor results

Deployment

Quick Start (Docker Compose)

The docker/ folder in this skill contains a ready-to-use Docker Compose setup. Run it directly — no need to copy files elsewhere.

# 1. Generate a random secret key
sed -i "s/CHANGE_ME_TO_A_RANDOM_STRING/$(openssl rand -hex 16)/" docker/settings.yml

# 2. Start
docker compose -f docker/docker-compose.yml up -d

# 3. Verify
curl -s "http://127.0.0.1:8888/search?q=test&format=json" | python3 -m json.tool | head -5

Configuration

Edit files in the docker/ folder:

  • Port: Default 127.0.0.1:8888 → change in docker-compose.yml ports section
  • Engines: Edit settings.yml engines list (Google, Bing, DuckDuckGo, Wikipedia, GitHub enabled by default)
  • Language: default_lang in settings.yml (default: auto)

Troubleshooting

# Check if running
docker ps | grep searxng

# Restart
docker compose -f docker/docker-compose.yml restart

# View logs
docker logs searxng --tail 50

Usage

All commands use the script at scripts/searxng_search.py (relative to this skill directory). The script defaults to http://127.0.0.1:8888 but accepts --base-url to point elsewhere.

# Basic search
python3 scripts/searxng_search.py "your query"

# Number of results
python3 scripts/searxng_search.py "your query" -n 5

# Language
python3 scripts/searxng_search.py "your query" -l zh    # Chinese
python3 scripts/searxng_search.py "your query" -l en    # English

# Category
python3 scripts/searxng_search.py "your query" -c news
python3 scripts/searxng_search.py "your query" -c images
python3 scripts/searxng_search.py "your query" -c it
python3 scripts/searxng_search.py "your query" -c science

# Time filter
python3 scripts/searxng_search.py "your query" -t day
python3 scripts/searxng_search.py "your query" -t week
python3 scripts/searxng_search.py "your query" -t month

# Specific engines
python3 scripts/searxng_search.py "your query" -e google,bing

# JSON output
python3 scripts/searxng_search.py "your query" --json

# Custom SearXNG URL
python3 scripts/searxng_search.py "your query" --base-url http://192.168.1.100:8888

# Combined
python3 scripts/searxng_search.py "最新科技新闻" -c news -l zh -t week -n 5

Categories

CategoryDescription
generalWeb search (default)
newsNews articles
imagesImage search
videosVideo search
itIT / programming
scienceScientific articles
filesFile search
social mediaSocial media posts

Notes

  • SearXNG aggregates and deduplicates results from multiple engines
  • The score field indicates cross-engine ranking confidence
  • No API key needed — fully self-hosted and private

Comments

Loading comments...