serper-v

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the external CLI may change the local environment and depends on code that is not included in the skill artifacts.

Why it was flagged

The skill asks users to install a global, unpinned external npm package, with --force in the SKILL.md setup example. This is expected for a CLI-based Serper wrapper, but the package should be trusted before installation.

Skill content

npm install -g @vinitngr/serper-v --force

Recommendation

Verify the npm package publisher and contents, consider pinning a version, and avoid --force unless it is necessary.

What this means

The CLI will receive a Serper API key, which may allow API usage and quota consumption on the user's account.

Why it was flagged

The setup requires a Serper API key. This is purpose-aligned for using the Serper API, but the registry metadata declares no primary credential or required environment variables.

Skill content

serperV auth <api_key>

Recommendation

Use a scoped or revocable Serper key if available, understand how the CLI stores it, and rotate the key if it is exposed.