ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Search

v1.0.0

This skill should be used when users need to search the web for information, find current content, look up news articles, search for images, or find videos. It uses DuckDuckGo's search API to return results in clean, formatted output (text, markdown, or JSON). Use for research, fact-checking, finding recent information, or gathering web resources.

27· 23.8k·442 current·463 all-time
by@billyutw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (web search via DuckDuckGo) matches the code and instructions. The script uses the duckduckgo-search library and exposes web/text/image/news/video search features described in SKILL.md. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md instructs the user/agent to install the duckduckgo-search package and run scripts/search.py with various flags. The instructions limit activity to performing searches, formatting results, and optionally saving output to a file. There are no instructions to read unrelated system files, harvest environment variables, or transmit data to endpoints outside the search flow.
Install Mechanism
There is no packaged install spec; SKILL.md tells users to pip install duckduckgo-search (a PyPI package). Relying on a PyPI dependency is expected for a Python search tool but has the usual moderate supply-chain risk—pin versions, use a virtualenv, and verify the package source and integrity before installing.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a public web-search tool that does not require authentication.
Persistence & Privilege
The skill is not always-enabled and does not request any elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
Assessment
This skill appears coherent and implements what it claims, but the publisher and homepage are not provided. Before installing: (1) inspect scripts/search.py (already included) to confirm it meets your expectations, (2) install the duckduckgo-search dependency in a virtualenv or sandbox and pin a specific version, (3) avoid searching or saving sensitive secrets (the tool fetches external URLs and may follow images/links), and (4) if you require stronger assurance, run the tool in an isolated environment or review the duckduckgo-search package source on PyPI/GitHub first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2055wfhrf2wk8ykn04x98x804v6c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments