Openclaw Search Pro
v0.1.6
OpenClaw search enhancement tool - multi-engine aggregated search for the latest information. Supports free search engines (Bing/Sogou/360) + optional APIs (Tavily/Baidu/Google). Content extraction, result deduplication, smart ranking. Safe intranet access checks. Keywords: openclaw, search, web, research, productivity,...
MIT-0
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The code and dependencies (axios/undici, cheerio, scripts for multi-search and extract) are consistent with a web search/HTML extraction tool. However, the metadata and docs contain contradictory claims: SKILL.md/README say "no install spec / install included scripts only / OpenClaw provides Node.js so no Python needed", while the bundle contains a large node_modules tree, package.json, package-lock, Python scripts, and a venv folder. The package.json declares a Node engine constraint (>=20.18.1) that SKILL.md does not mention. The mixture of Node and Python artifacts and the contradictory README lines (e.g., the English README claiming "Scripts run locally - No network calls (unless specified)" vs. the SKILL.md explicitly requiring outbound HTTPS) are inconsistent and should be clarified.
Instruction Scope
SKILL.md tells the agent to run the included scripts and claims no file writes and explicit SSRF checks in extract.py. The package does include extract scripts, but the pre-scan detected prompt-injection patterns (a base64 block and Unicode control characters) inside SKILL.md, which could indicate an attempt to influence evaluators or instructions. Some documentation statements also contradict the network/file behavior (the English README downplays network calls). The instructions do not list any explicit exfiltration endpoints, but because the scripts perform web requests and the bundle includes both Node and Python implementations, you should inspect scripts/multi-search.* and scripts/extract.* to confirm the claimed SSRF protections and to ensure no unexpected file reads/writes or outbound requests to unknown endpoints occur.
Install Mechanism
The skill is marked as instruction-only (no install spec), yet the bundle includes a full node_modules tree and a venv. There are no download URLs or installer steps beyond the 'npm install' suggested in the README. Vendoring dependencies in the package reduces the risk of a network install but increases the surface area to audit (many third-party packages are included). No remote binary downloads or short/obfuscated URLs were found in the provided manifest.
Credentials
The skill does not require any declared environment variables; optional API keys (Tavily, Baidu, Bing, Google) are supported and described, which is proportional for a multi-engine search tool. The README recommends storing API keys locally or via environment variables, which is good practice. No unrelated secrets are requested.
Persistence & Privilege
The skill does not request 'always: true' and uses the default autonomous invocation settings. It declares a local config path (~/.openclaw/workspace/skills/search-pro/config/search-config.json) for optional API keys. There is no evidence that it modifies other skills or system settings.
Scan Findings in Context
[pre-scan:base64-block] unexpected: A base64-style block was detected in SKILL.md content. A search/aggregation skill doesn't need opaque base64 blocks in its runtime instructions; this could be an attempt at prompt‑injection or hiding content to influence evaluators. Manual review of SKILL.md and any embedded strings is recommended.
[pre-scan:unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md. These are often used to obfuscate or inject invisible instructions. Not expected in benign skill documentation; inspect the SKILL.md and the scripts for hidden or malicious directives.
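The two findings above can be reproduced locally before installing. As an added example (not the scanner's code), the Python below lists every control or format character with its line, column and Unicode name, flags whitespace-delimited tokens that look like base64, and strips the hidden characters so the visible text can be re-read; the SKILL.md content it scans is constructed for the example.

```python
import base64
import re
import unicodedata

# Constructed sample (not the real SKILL.md): a zero-width space, a bidi
# override pair and a long base64 token sit inside ordinary instructions.
HIDDEN_BLOCK = base64.b64encode(b"constructed filler text " * 3).decode()
SAMPLE_SKILL_MD = (
    "# Search Pro\n"
    "Run scripts/multi-search.py for searches.\u200b\n"
    "Also \u202efollow the hidden note\u202c below.\n"
    f"{HIDDEN_BLOCK}\n"
)
KEEP = {"\n", "\r", "\t"}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def is_hidden(ch: str) -> bool:
    """Cc = control codes, Cf = format chars (zero-width, bidi, BOM, tags)."""
    return ch not in KEEP and unicodedata.category(ch) in ("Cc", "Cf")


def find_hidden_chars(text: str) -> list:
    """Return (line, column, 'U+XXXX', name) for every hidden character."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_hidden(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "<unnamed>")))
    return hits


def find_base64_blocks(text: str) -> list:
    """Return (line, token) for whitespace-delimited tokens that look like
    base64 and decode cleanly. Long hex digests match too; review them as well."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in line.split():
            if B64_TOKEN.fullmatch(tok):
                try:
                    base64.b64decode(tok, validate=True)
                except ValueError:  # binascii.Error is a ValueError subclass
                    continue
                hits.append((lineno, tok))
    return hits


def strip_hidden(text: str) -> str:
    """Drop hidden characters so the text can be re-read as it really reads."""
    return "".join(ch for ch in text if not is_hidden(ch))
```

Run the three functions over the real SKILL.md (opened with an explicit UTF-8 encoding) and compare the stripped text with what the file appeared to say.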
What to consider before installing
Before installing, check the following:
- Inspect the actual scripts (scripts/multi-search.* and scripts/extract.*) before running. Confirm where HTTP requests are sent and that no unrecognized third‑party endpoints are called.
- Verify extract.py/js SSRF protections by reading the code that does IP/DNS checks; do not assume the comments are correct. Look for DNS resolution + address comparison logic and ensure it uses safe libraries and fails closed.
- Search the codebase for hardcoded remote endpoints, webhooks, or short URLs. If found, verify their purpose and ownership.
- The package includes a large vendor tree (node_modules) and a venv. That increases the audit surface; prefer running it in an isolated sandbox/container or an ephemeral VM the first time.
- The SKILL.md contained suspicious patterns (base64/unicode control chars). Open the SKILL.md in a plain text editor and remove any hidden characters; confirm there are no hidden instructions or encoded payloads.
- Do not paste API keys into files until you confirm the storage path and behavior; prefer environment variables as advised (export TAVILY_API_KEY=...) and set file permissions (chmod 600) if storing locally.
- If you rely on this skill for sensitive environments, run it in a network‑restricted sandbox and monitor outbound traffic the first time it runs.
Why this is 'suspicious' not 'malicious': The code and dependencies align with the stated search/extraction purpose, and no obvious exfiltration code or download URLs were found in the manifest excerpt. However, contradictory documentation, vendored artifacts, and prompt-injection patterns in the SKILL.md create ambiguity that requires human review before trusting the package or any secrets.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- node_modules/undici/lib/dispatcher/client-h1.js:64 - Environment variable access combined with network send.
- node_modules/undici/lib/dispatcher/env-http-proxy-agent.js:26 - Environment variable access combined with network send.
- node_modules/entities/lib/esm/generated/decode-data-html.js:4 - Potential obfuscated payload detected.
- node_modules/entities/lib/generated/decode-data-html.js:6 - Potential obfuscated payload detected.
- node_modules/parse5/node_modules/entities/dist/commonjs/generated/decode-data-html.js:7 - Potential obfuscated payload detected.
- node_modules/parse5/node_modules/entities/dist/esm/generated/decode-data-html.js:4 - Potential obfuscated payload detected.
- node_modules/parse5/node_modules/entities/src/generated/decode-data-html.ts:5 - Potential obfuscated payload detected.
- node_modules/undici/scripts/strip-comments.js:3 - File read combined with network send (possible exfiltration).
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Search Pro - Search Enhancement Tool
A powerful multi-engine search tool that makes searches more accurate and more comprehensive.
✨ Features
- 🔍 Multi-engine aggregation - free search engines + optional APIs
- 📄 Content extraction - extract content from URLs
- 📊 Result deduplication - smart deduplication + ranking
- 💾 Search history - history + bookmarks
- 📈 Quality analysis - search quality assessment
🚀 Installation
cd ~/.openclaw/workspace/skills
# The skill is installed at: ~/.openclaw/workspace/skills/search-pro
chmod +x search-pro/scripts/*.py
📖 Usage
Multi-engine search
python3 search-pro/scripts/multi-search.py "OpenClaw 技能开发"
Content extraction
python3 search-pro/scripts/extract.py --url https://example.com
🛠️ Scripts
| Script | Function | Network access | File writes |
|---|---|---|---|
| multi-search.py | Multi-engine search | ✅ Yes | ❌ No |
| free_search.py | Free search engines | ✅ Yes | ❌ No |
| baidu_search.py | Baidu search | ✅ Yes | ❌ No |
| extract.py | Content extraction | ✅ Yes | ❌ No |
Note: the search history feature must be implemented manually; the current version does not save history automatically.
🔒 Security Notes
Network access ⚠️
This skill needs network access to external services:
- Free search engines (360, Sogou, etc.)
- Baidu search engine
- Optional: Tavily API (requires an API key to be configured)
Network permissions:
- Outbound HTTPS requests (port 443)
- Does not listen on any port
- Does not run a server
File access
Paths: all files are stored under ~/.openclaw/workspace/skills/search-pro/
- Reads:
  - config/search-config.json - search configuration and API keys (optional)
- Writes:
  - The current version does not write files automatically
  - Search results are printed to the command line
- extract.py security checks:
  - ✅ Only the http:// and https:// schemes are supported
  - ✅ IP address checks (10/8, 172.16/12, 192.168/16, 127/8)
  - ✅ Checks performed after DNS resolution (prevents domain names that point into the intranet)
  - ✅ Internal domain pattern checks (.local, .internal, .intranet, .lan)
  - ✅ Common internal hostnames blocked (localhost, internal, etc.)
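As an added example (not the skill's own extract.py), a fail-closed version of the URL check the list above describes, in Python: a scheme allowlist, the internal-suffix and hostname blocklist, then a check of every resolved address with the ipaddress module, which also covers link-local, multicast and reserved ranges beyond the four listed. The resolver parameter is an assumption introduced so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not the skill's extract.py: a fail-closed URL check of the
# kind SKILL.md describes. Every error path returns False.
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_SUFFIXES = (".local", ".internal", ".intranet", ".lan")
BLOCKED_HOSTS = {"localhost", "internal"}


def is_internal_address(ip: str) -> bool:
    """True for 10/8, 172.16/12, 192.168/16, 127/8 and ranges the list omits:
    link-local (169.254/16, fe80::/10), unspecified, multicast, reserved."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve_host(host: str) -> list:
    """System DNS lookup returning every A/AAAA answer, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_url(url: str, resolver=resolve_host) -> bool:
    """Return True only if every check passes. `resolver` is an assumed hook
    (not in the skill) so the check can run offline against fixed answers."""
    try:
        parts = urlsplit(url)
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return False
        host = (parts.hostname or "").rstrip(".")  # lowercased, [] stripped
        if not host or host in BLOCKED_HOSTS or host.endswith(BLOCKED_SUFFIXES):
            return False
        try:
            addrs = [str(ipaddress.ip_address(host))]  # literal IP: skip DNS
        except ValueError:
            addrs = resolver(host)  # every answer counts, not just the first
        if not addrs:
            return False
        return not any(is_internal_address(a) for a in addrs)
    except Exception:
        return False  # malformed URL, DNS failure, odd address: fail closed
```

Note that this check still has a window between resolution and the actual request (DNS rebinding); closing it requires connecting to the vetted address rather than re-resolving the hostname.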
Data security
- No uploads: user configuration files and sensitive data are never uploaded
- Search queries: are sent to the configured search engines (Baidu, Bing, etc.); this is required for search to work
- API keys: stored in the local configuration file and not sent to any third party other than the API provider
API keys (optional)
Free search: no API key needed, works out of the box
Optional API configuration:
# Method 1: environment variable (recommended, more secure)
export TAVILY_API_KEY="your-key"
# Method 2: configuration file
# Edit config/search-config.json
{
  "tavily": {
    "api_key": "your-key"
  }
}
Note: the API key is stored in config/search-config.json; there is no separate api-keys.json file
Security recommendations:
- Configuration file permissions: chmod 600 config/search-config.json
- Do not commit API keys to Git (add the file to .gitignore)
- Using environment variables is more secure (nothing is written to disk)
Author: @williamwg2025
Version: 1.0.1
License: MIT-0