Free Search Aggregator
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a legitimate web-search helper, but it can send searches to third-party providers and save search history locally.
This skill appears coherent for web search aggregation. Before installing, be aware that it may contact multiple search providers, use any configured provider API keys, and retain query/result artifacts under memory/. Use deep search only when needed, avoid sensitive queries unless acceptable, and clean stored search data periodically.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms may be shared with one or more search providers, depending on provider availability and failover.
The skill sends search queries to external providers until one returns results; this is expected for the stated search purpose, but it is a third-party data boundary.
Default provider order: brave → exa → tavily → duckduckgo → bing_html → mojeek → serper → searchapi → google_cse → baidu → wikipedia ... First successful non-empty result returns immediately.
Avoid using sensitive/private queries unless you are comfortable with the configured providers seeing them; configure provider order and use deep modes only when needed.
Configured API keys may be used to make provider searches and quota checks on your accounts.
The skill can read optional provider API credentials from environment/config; this is purpose-aligned for API-backed search and there is no evidence of hardcoded keys or unrelated credential use.
api_key: ${BRAVE_API_KEY} ... api_key: ${TAVILY_API_KEY} ... api_key: ${GOOGLE_API_KEY}
cx: ${GOOGLE_CX}Use provider-specific, least-privilege keys where available and only configure the services you intend this skill to use.
Past search queries/results may remain available in local memory files and could be reused or inspected later.
The skill persistently stores search artifacts locally, including an append-only index and long-term reports; this is disclosed and purpose-aligned but may retain search history.
memory/search-cache/YYYY-MM-DD/*.json — raw cache memory/search-index/search-index.jsonl — append-only index memory/search-reports/YYYY-MM-DD/*.md — human-readable reports ... reports: long-term
Periodically clean memory/search-* data if searches include sensitive topics, and confirm retention settings match your privacy expectations.
You have less external context for verifying who maintains the code or how it should be reproducibly installed.
The artifacts provide limited provenance and no install recipe, even though code and dependency files are present; this is not malicious behavior, but it reduces independent verification context.
Source: unknown Homepage: none Install specifications: No install spec — this is an instruction-only skill.
Review the included code/dependencies and prefer trusted or pinned deployment practices if using this in a sensitive workflow.