Multi-Web-Search | 多引擎网页搜索
PassAudited by VirusTotal on May 2, 2026.
Overview
Type: OpenClaw Skill Name: multi-web-search Version: 3.4.0 The Multi-Web-Search skill bundle is a comprehensive and well-structured tool for performing multi-engine web searches without requiring API keys. It includes features like result caching (cache_utils.py), relevance-based scoring (result_scorer.py), and a robust fallback mechanism in search.py that uses BeautifulSoup to scrape results if the primary CLI tool (ddgs) is unavailable. While search.py contains a hardcoded local path for the ddgs executable (/Users/metaclaw/...), this appears to be a developer oversight rather than a malicious artifact, as the script includes logic to handle its absence. The SKILL.md instructions are purely functional, providing the AI agent with detailed guidance on engine selection and parameter usage without any evidence of prompt injection or unauthorized data access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms, including sensitive text if entered, can leave the local environment and be visible to selected search engines or proxy operators.
The skill intentionally exposes broad external search and routing options. This is aligned with the stated purpose, but search queries may be sent to multiple providers or through a user-specified proxy.
supports 20 search engines ... parallel search ... `--proxy, -pr` | 代理服务器 | `--proxy socks5h://127.0.0.1:9150` |
Use the skill for intentional web searches only, avoid putting secrets or private data in queries, and choose privacy-oriented engines or trusted proxies when needed.
Running the installer may execute third-party package installation code from the Python package ecosystem.
If the optional installer is run, it fetches the latest ddgs package without a pinned version. Package installation is purpose-aligned for search functionality, but version/provenance can change over time.
pip_cmd = [sys.executable, "-m", "pip", "install", "--user", "ddgs"]
Run install.py only if you trust the package source; prefer pinned versions or a reviewed virtual environment for higher assurance.
If a user or agent runs this script intentionally, it can publish to ClawHub under the user's account after confirmation.
The package includes a developer publishing helper that can use the current OpenClaw/ClawHub account to publish the skill if manually invoked. It is interactive and not referenced as part of normal search use.
read -p "确认发布到 ClawHub?(y/n) " -n 1 -r ... openclaw publish
Do not run publish.sh unless you are deliberately maintaining or publishing this skill; normal users can ignore or remove it.
Recent search queries and results may remain on disk for up to the configured TTL and could be read by local processes or users with access to the account.
The skill caches search results and a cache key that can include the query. The cache is bounded by TTL and size, but it persists locally.
CACHE_DIR = Path("~/.cache/openclaw/search").expanduser(); DEFAULT_TTL = 3600; cache_entry = {"data": data, "_ttl": ttl, "_created_at": time.time(), "_key": key}Use the documented --no-cache option for sensitive searches and clear the cache if you do not want prior search data retained.
If DHT acceleration is enabled, searches may involve additional distributed-network behavior beyond direct search-provider requests.
DHT acceleration is advertised as an optional distributed-network feature, but the artifacts do not detail its peer/data-boundary behavior.
"dht": {"enabled": true, "description": "DHT network acceleration for 90% faster repeated queries", "requires": "ddgs[dht]"}Leave DHT disabled unless you understand and accept the ddgs[dht] networking model, especially for private or sensitive queries.