Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

serper-v

v2.0.1

Professional search (news, places, maps, reviews, scholar, patents) and bulk scraping via Serper API.

2 · 1.7k · 3 current · 4 all-time
by Vinit (@vinitngr)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Serper-powered search and scraping) matches the CLI usage shown in SKILL.md (serperV search / scrape). Requiring an API key for the Serper service is expected — however, the skill metadata lists no primary credential or required env vars while the instructions explicitly require running `serperV auth <api_key>`, which is an inconsistency.
Instruction Scope
SKILL.md instructs the agent/user to globally install a third-party npm CLI and to run `serperV auth <api_key>`. It does not explain where the key is stored, how the CLI transmits scraped results, or whether scraped content is forwarded to external endpoints. The CLI uses bulk scraping commands (potentially high-volume web access) and the SKILL.md also recommends `--force` in installation — these broaden the runtime actions in ways not covered by the metadata.
Install Mechanism
There is no platform install spec, but SKILL.md and SETUP.md instruct a global `npm install -g @vinitngr/serper-v` (SKILL.md even uses `--force`). The package author scope (@vinitngr) and package source are unknown and there is no homepage or source link in the skill registry — installing an unsigned npm package globally can execute arbitrary code and modify the system.
Credentials
The skill metadata declares no required env vars or primary credential, yet the runtime steps require an API key (`serperV auth <api_key>`). That key may be stored on disk or injected into process env at runtime — the skill does not declare or constrain where secrets live. Requesting API keys is reasonable for this purpose, but the omission in metadata and lack of detail about credential handling is disproportionate/unexplained.
Persistence & Privilege
The skill is not flagged as always: true and is user-invocable (normal). However the installation instructions require a global npm install which gives the CLI persistent system presence and may store auth tokens on disk; that persistent footprint is not described in the skill metadata.
What to consider before installing
Before installing or running this skill:
(1) Verify the npm package (@vinitngr/serper-v) on the npm registry and inspect its source repository or published tarball — do not install without reviewing code.
(2) Avoid installing globally with --force; prefer a container or isolated environment to limit system changes.
(3) Ask the author where `serperV auth` stores the API key and whether scraped data is sent off-device; check and audit any created config files.
(4) If you must use it, create a dedicated (least-privilege) API key for Serper that can be revoked, and do not reuse high-privilege credentials.
(5) If you need stronger assurance, request a versioned release link, source repo, or a signed package before proceeding.


