Skill v1.0.0
VirusTotal security
SearXNG Docker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 27, 2026, 4:27 AM
- Hash: 6c5354e59d229502dfec0dec882b44049e208a5644fb310cf84a8545e52b481b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: searxng-docker. Version: 1.0.0. The `scripts/searxng_search.py` script allows specifying an arbitrary `--base-url` for the SearXNG instance without validation. This creates a Server-Side Request Forgery (SSRF) vulnerability if an AI agent can be prompted to execute the script with a malicious or internal URL, potentially allowing it to access internal network resources or other services on the host machine. While the skill's stated purpose is to use a local instance, the lack of validation for this argument makes it a significant security flaw. No other clear indicators of intentional malice (e.g., data exfiltration, persistence, obfuscation, or direct prompt injection for harmful actions) were found.
