Zero Api Key Web Search
PassAudited by ClawScan on May 3, 2026.
Overview
The skill is coherent for web search and claim checking, with disclosed but notable reliance on an external package and optional Bright Data/Web Unlocker provider use.
This appears safe to consider for web search if you trust the external package. Before installing, review the PyPI/GitHub package, use the default free path for ordinary searches, and only enable Bright Data/Web Unlocker if you are comfortable sharing queries and URLs with that provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users are trusting the package available from the package index, not code reviewed in this artifact set.
The skill depends on installing an external, unpinned package whose implementation is not included in the reviewed artifacts. This is user-directed and central to the skill, so it is a supply-chain note rather than a concern.
pip install zero-api-key-web-search
Install only from the expected package source, consider pinning a known-good version, and review the package repository before use.
If enabled, the skill may use the user's Bright Data account and could expose usage, incur provider costs, or access provider-specific features.
The skill documents optional Bright Data credentials. This is expected for the optional provider and not required by default, but it is sensitive account access.
export ZERO_SEARCH_BRIGHTDATA_API_KEY="..."
Use a scoped Bright Data key if possible, keep it out of logs and shared prompts, and disable or remove it when not needed.
Browsing blocked pages may send target URLs to an unlocking provider and may have site policy, compliance, or privacy implications.
The browsing flow can automatically fall back to a Web Unlocker for blocked pages once the provider is configured. This is disclosed and purpose-aligned, but it can access pages through an unlocking service.
# Auto-fallback (default) — direct fetch, then unlocker on 403/429 zero-browse "https://protected-site.com/article"
Use Web Unlocker only for sources you are allowed to access, and prefer explicit provider selection for sensitive or regulated browsing.
Sensitive search terms, URLs, or research topics could be visible to the configured provider.
This discloses a third-party provider boundary: when configured or requested, search queries and page URLs may be sent outside the local environment.
Bright Data is optional and should not receive queries unless configured or requested.
Avoid sending confidential queries or private URLs through external providers unless that is acceptable for your use case.