serper-v
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Serper search and scraping helper, but it relies on an external npm CLI and a Serper API key that users should verify before use.
Before installing, confirm that @vinitngr/serper-v is the package you intend to trust, consider using a pinned version, and check how it stores the Serper API key. The documented behavior is aligned with Serper search and scraping, but it may consume API quota and depends on an external CLI not included in these artifacts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the external CLI may change the local environment and depends on code that is not included in the skill artifacts.
The skill asks users to install a global, unpinned external npm package, with --force in the SKILL.md setup example. This is expected for a CLI-based Serper wrapper, but the package should be trusted before installation.
npm install -g @vinitngr/serper-v --force
Verify the npm package publisher and contents, consider pinning a version, and avoid --force unless it is necessary.
The CLI will receive a Serper API key, which may allow API usage and quota consumption on the user's account.
The setup requires a Serper API key. This is purpose-aligned for using the Serper API, but the registry metadata declares no primary credential or required environment variables.
serperV auth <api_key>
Use a scoped or revocable Serper key if available, understand how the CLI stores it, and rotate the key if it is exposed.