SearXNG Docker

Pass

Audited by ClawScan on May 1, 2026.

Overview

This looks like a legitimate local SearXNG search helper, with normal Docker setup and web-search privacy/trust considerations to review.

Before installing, make sure you are comfortable running a persistent local Docker container, consider pinning the SearXNG image version, and remember that search queries and returned snippets are handled through external search engines and should be treated as untrusted web content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future image update could change behavior without the skill artifacts changing.

Why it was flagged

The Docker setup pulls a moving 'latest' image tag, so the exact container code may change over time unless the user pins a version or digest.

Skill content

image: searxng/searxng:latest

Recommendation

Pin the SearXNG Docker image to a specific version or digest if reproducibility matters.

What this means

The search service may keep running after initial setup, consuming local resources and remaining available on localhost.

Why it was flagged

The local SearXNG container is configured as a persistent background service that continues across restarts until explicitly stopped.

Skill content

restart: unless-stopped

Recommendation

Stop or remove the container when it is no longer needed, and keep the localhost binding unless you intentionally want network exposure.

What this means

A malicious or low-quality web page could include text that tries to influence the agent through search-result snippets.

Why it was flagged

The script returns titles and snippets from external web results; those snippets are untrusted text that an agent should treat as search evidence, not instructions.

Skill content

title = r.get("title", "(no title)")
content = r.get("content", "")
lines.append(f"{i}. {title}")

Recommendation

Treat search results as untrusted content and do not follow instructions found inside result titles or snippets unless the user confirms them.

What this means

Sensitive search queries may still be transmitted to configured search providers through the local SearXNG instance.

Why it was flagged

The skill discloses use of external search engines while also using broad privacy wording; users should understand that a local SearXNG instance still sends search requests to enabled backends.

Skill content

Supports categories ... and multiple engines (Google, Bing, DuckDuckGo, etc.). No API key needed — fully self-hosted and private.

Recommendation

Review enabled engines and avoid searching sensitive information unless you are comfortable with SearXNG forwarding those queries.