Private Search
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s privacy/search claims are stronger than what the provided artifacts appear to implement or prove.
Review this skill before relying on it for private searches. The setup script is understandable and mostly purpose-aligned, but the package does not show the actual search tool or mechanism that would override OpenClaw’s default search. Verify the search provider is really changed, protect your Brave/Kagi key, and consider self-hosted SearXNG for stronger privacy.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe their agent searches are protected when the provided artifacts do not prove that searches will stop using the default provider.
These are strong functionality and privacy guarantees, but the provided artifact set contains no implementation of the claimed tool and no install/capability evidence showing that default web search is actually overridden.
This skill provides a `private_web_search` tool ... All queries route through your chosen private engine. ... This skill never sends your queries to Google, Bing, or any ad-network-affiliated search provider when properly configured.
Only rely on the privacy guarantee after verifying that OpenClaw actually registers and uses a private search tool/provider. The publisher should include the tool implementation or clearly document the platform mechanism that enforces the override.
The user cannot review or verify the actual search-routing behavior from the supplied package, creating uncertainty about whether the skill works as advertised.
The skill advertises an operational search tool and default-search replacement, but the install metadata says it is instruction-only; the provided files only include documentation, a landing page, references, and a setup script.
No install spec — this is an instruction-only skill.
Require a complete, reviewable implementation or a clear declaration that the skill only documents configuration for an external OpenClaw search provider.
Anyone with access to the env file may be able to use the Brave Search API key and consume the user’s quota.
The script asks for a Brave API key and persists it locally, which is expected for a Brave Search integration but still involves credential handling.
read -p "Paste your Brave Search API key here: " brave_key ... echo "BRAVE_API_KEY=$brave_key" >> "$CONFIG_FILE"
Store the key in an OpenClaw-specific secret/config store where possible, keep file permissions restrictive, and revoke the key if it is exposed.
Running the setup script will change local environment configuration and test the key against Brave’s API.
The skill asks the user to run a local shell script. The included script is simple and purpose-aligned, but local script execution can modify files and make network calls.
Run the setup script for guided configuration: `bash scripts/setup-brave-search.sh`
Review the script before running it and confirm the target config file shown by the script is the intended one.
Search terms may be visible to Brave, Kagi, or the selected SearXNG instance unless the user self-hosts and configures it appropriately.
Search queries are intentionally sent to the selected external or self-hosted search provider. This is purpose-aligned, but users should understand where their queries go.
Routes to your configured engine via API
Choose the provider that matches your privacy needs; use self-hosted SearXNG if you do not want search queries sent to a third-party provider.