ClawHub

Cross-Validated Search

v16.0.0

OpenClaw skill for source-backed web search, page reading, and evidence-aware claim checking. Use it to verify factual answers with live search results and e...

0· 74·0 current·0 all-time
byDa Wei@wd041216-bit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description match the runtime instructions (CLI commands for search-web, browse-page, verify-claim, evidence-report). However, the SKILL.md recommends 'pip install cross-validated-search' and refers to an optional env var CROSS_VALIDATED_SEARCH_SEARXNG_URL even though the registry metadata lists no required env vars; this mismatch is minor but worth noting.
Instruction Scope
The SKILL.md confines the agent to search, page-reading, and claim-verification workflows; it does not instruct the agent to read unrelated files, access system configs, or exfiltrate data to unknown endpoints. Examples show CLI usage and --deep/--json flags; the only operational instruction that affects the environment is to install the package via pip.
Install Mechanism
There is no registry-level install spec, but the documentation instructs users/agents to run 'pip install cross-validated-search'. Installing a third-party PyPI package is common but has moderate risk—review the PyPI package and its source (the project homepage GitHub link is provided) before installing, or run in an isolated environment.
Credentials
The skill requires no credentials and declares no required env vars, which is proportional. However, SKILL.md references CROSS_VALIDATED_SEARCH_SEARXNG_URL as a recommended configuration for a self-hosted provider; that env var is not declared in metadata. Also be aware that search queries and fetched page contents will be sent to external search providers (ddgs or searxng), which may expose query contents and retrieved pages to those services.
Persistence & Privilege
The skill does not request 'always: true', does not require persistent system-wide changes, and is instruction-only with no code files in the bundle. There is no indication it modifies other skills or agent-wide settings.
Assessment
This skill appears to do what it says (search and evidence-aware verification) and does not ask for credentials, but take two precautions before using it: (1) inspect the cross-validated-search package source on the linked GitHub repo or PyPI before running 'pip install' (or install it inside an isolated environment/container), and (2) consider privacy: search queries and full page contents will be sent to whichever search provider is used (duckduckgo/ddgs by default, or a searxng instance if you set CROSS_VALIDATED_SEARCH_SEARXNG_URL). If you need confidentiality, self-host a searxng instance and set that URL; if you cannot verify the package source, avoid installing and instead use a verified browser/search integration.

Like a lobster shell, security has layers — review code before you run it.

latestvk9738g4zrwhs0srvfzr232bdfs83h0wx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments