Cross-Validated Search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill describes a coherent web-search fact-checking workflow, with normal caution needed around installing an external Python package and sending queries to search providers.
This appears safe to consider if you trust the Python package source. Before installing, verify the package and repository, and avoid using sensitive personal data, secrets, or confidential claims in search queries unless you use a trusted provider such as your own SearXNG instance.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package allows third-party package code to run in the user's Python environment.
The documented setup depends on installing an external Python package, and the artifact text does not show a pinned version or hash. This is central to the skill's stated purpose and is presented openly as a user-directed install step.
pip install cross-validated-search
Install only from a trusted package source, verify the package name and repository, and prefer pinned versions in controlled environments.
Search terms, claims, and source URLs may be visible to the selected search provider or visited sites.
The skill is designed to query web search providers or a configured SearXNG endpoint. That external data flow is expected for live search, but the artifact does not describe additional privacy controls for submitted queries.
The default provider path is `ddgs`... self-hosted `searxng` via `CROSS_VALIDATED_SEARCH_SEARXNG_URL`.
Avoid putting secrets or private personal data in search queries, and use a trusted self-hosted SearXNG endpoint for sensitive verification work.