Skill v18.0.0
ClawScan security
Zero-API-Key Web Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 7:29 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (web search without an API key) is plausible and its instructions are coherent, but the bundle ships no code. It repeatedly instructs the operator to install and run an external PyPI package and local services, which is a supply-chain and operational risk the user should review before installing or running anything.
- Guidance: This SKILL.md aims to provide free web search and claim verification and is internally consistent, but it does not contain the implementation: it instructs you to pip install a separate PyPI package and optionally run Docker/SearXNG. Before installing or running anything:
  - Verify the PyPI package's owner and inspect the package contents (or fetch the source from the GitHub repo) to confirm it matches what the SKILL.md describes.
  - Install into an isolated environment (virtualenv or container) to limit the impact on the host.
  - Watch for similarly named packages (typo-squatting), pin an exact version, and verify the artifact's checksum or signature where the publisher provides one.
  - Review any scripts (start-searxng.sh, the docker compose file) before running them, and do not disable TLS verification unless you accept that search traffic to the SearXNG endpoint then becomes readable and modifiable on the network.
  - If you need stronger assurance, obtain the package source or a reproducibly built wheel for audit. Because the skill bundles no code, you are trusting an external PyPI publication for the entire implementation.
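An added example (not part of the scan output or the skill itself) of the pinned, checksum-verified, isolated install that the guidance above asks for; it also addresses the missing version pin and checksum noted under Install Mechanism. It assumes the PyPI name `zero-api-key-web-search` used in the SKILL.md; the version and digest are placeholders to replace with the values you verified on PyPI, and the helper names (`verify_sha256`, `install_pinned`, and so on) are mine.

```bash
#!/usr/bin/env bash
# Added example: download, verify and inspect the PyPI artifact before installing
# it into a throwaway virtualenv. Not from the skill; helper names are mine.
set -euo pipefail

PKG_NAME="zero-api-key-web-search"   # name used in the SKILL.md
PKG_VERSION="X.Y.Z"                  # placeholder: pin the version you reviewed
# placeholder: copy the real digest from the file's PyPI page or `pip hash <file>`
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# Portable sha256 (sha256sum on Linux, shasum on macOS); prints the hex digest.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 when the file's digest equals the expected one, 1 otherwise.
# Comparing against a digest recorded at review time catches a later malicious
# re-publish and a typo-squatted name alike: different artifact, different hash.
verify_sha256() {
  local file="$1" expected="$2"
  [ "$(sha256_of "$file")" = "$expected" ]
}

# Fetch only the pinned artifact, no dependencies, without installing anything.
download_artifact() {
  local dest="$1"
  pip download --no-deps --dest "$dest" "${PKG_NAME}==${PKG_VERSION}"
}

# A wheel is a zip and an sdist is a tarball: list the contents so the
# console_scripts entry points (zero-search, zero-mcp) and any unexpected
# modules can be read before they land on the host.
list_artifact_contents() {
  case "$1" in
    *.whl)    unzip -l "$1" ;;
    *.tar.gz) tar tzf "$1" ;;
    *)        echo "unknown artifact type: $1" >&2; return 1 ;;
  esac
}

# Install the already-verified file into its own venv, offline and without deps,
# so nothing else is fetched from the index during the install step.
install_pinned() {
  local venv="$1" artifact="$2"
  python3 -m venv "$venv"
  "$venv/bin/pip" install --no-index --no-deps "$artifact"
}

# Full flow: download, refuse on digest mismatch, list, then install in isolation.
# Call `main` after replacing PKG_VERSION and EXPECTED_SHA256 with verified values.
main() {
  local dest artifact
  dest="$(mktemp -d)"
  download_artifact "$dest"
  artifact="$(find "$dest" -maxdepth 1 \( -name '*.whl' -o -name '*.tar.gz' \) | head -n 1)"
  if ! verify_sha256 "$artifact" "$EXPECTED_SHA256"; then
    echo "digest mismatch for $artifact; refusing to install" >&2
    return 1
  fi
  list_artifact_contents "$artifact"
  install_pinned "$dest/venv" "$artifact"
}
```

The same digest can be written into a requirements file and installed with `pip install --require-hashes -r requirements.txt`, which makes pip itself refuse any artifact whose hash does not match; the script above is the manual equivalent with an inspection step in between.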
Review Dimensions
- Purpose & Capability (ok): The name/description (free web search, browsing, claim verification) matches the documented commands and provider choices (DuckDuckGo, optional self-hosted SearXNG). The skill requests no unrelated credentials or binaries in its metadata, which is proportionate to the described purpose.
- Instruction Scope (concern): The SKILL.md explicitly directs the operator to run `pip install zero-api-key-web-search`, start an MCP server (`zero-mcp`), and optionally run Docker Compose to start a local SearXNG instance. Those steps are legitimate for the stated functionality, but they have the agent or human install and execute third-party code and potentially system-level services, which expands the execution surface well beyond a read-only instruction file and should be reviewed before execution.
- Install Mechanism (concern): The registry bundle contains only documentation; the runtime instructions rely on pip fetching the package from PyPI. Because the skill ships none of the code, the install pulls it from an external source, which is a supply-chain risk (typo-squatting, a malicious or compromised publish, or behavior that differs from what the SKILL.md describes). The SKILL.md provides no pinned version, checksum, or curated release URL, so there is nothing to verify the fetched artifact against.
- Credentials (note): The skill declares no required env vars in its metadata. SKILL.md mentions optional env vars (e.g., ZERO_SEARCH_SEARXNG_URL and a variable that disables TLS verification), which are reasonable for an optional self-hosted provider, and it requests no unrelated secrets. However, the combination of an endpoint override and a TLS-insecure toggle means that an operator, or anything else able to set the agent's environment, can send every query to an arbitrary endpoint, and with verification off, over a connection whose certificate is never checked, without changing the skill itself.
- Persistence & Privilege (note): always:false (good). Following the instructions still installs persistent CLI/MCP entry points (`zero-search`, `zero-mcp`) on the system via pip and may start persistent services (Docker Compose for SearXNG). That persistence and system-level activity is expected for a CLI/MCP-based search tool, but it increases the blast radius compared to an instruction-only, read-only skill.
