Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

web-searxng

v1.0.2

Provides a privacy-preserving search engine based on SearXNG, supporting fast, tracking-free web search and result aggregation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (SearXNG privacy search, auto-discovery, stock mode) align with the code and SKILL.md: the code queries a local SearXNG instance, can detect Docker containers and common ports, caches results, and performs result synthesis.
Instruction Scope (flagged)
SKILL.md explicitly claims automatic Docker port discovery and local port probing, which the code implements. That behavior is within the stated purpose but is intrusive: the skill runs 'docker ps', scans localhost ports, and will write cache files under the skill directory. These actions access local system state beyond a simple HTTP client and may reveal container names/ports or interact with host tooling.
Install Mechanism
The skill is instruction-only with a bundled Python script and no install spec. It lists Python and several libraries as dependencies but does not install them automatically; installing will require the user's environment to provide Python 3.8+ and packages (aiohttp, aiofiles, httpx). This is not inherently malicious but increases friction and the chance of mistakes during manual setup.
Credentials
No credentials or sensitive environment variables are required. The script respects an optional SEARXNG_URL env var (declared in SKILL.md). It does not request unrelated secrets or external API tokens.
Persistence & Privilege (flagged)
The 'always' flag is false and the skill does not request persistent platform-wide privileges, but the code writes a .cache directory next to the script (a local disk write). More importantly, the module runs discovery at import time and calls sys.exit(1) if no local SearXNG instance is found; this can terminate the host process that imports the module (the agent), which is unsafe and unexpected behavior for a skill.
Scan Findings in Context
[subprocess-exec] expected: The code runs 'docker ps' via subprocess to detect SearXNG containers. This is consistent with the SKILL.md's 'automatic Docker port discovery' claim, but subprocess usage can expose container metadata and requires docker CLI availability.
[local-port-scan] expected: The script tries connecting to common localhost ports to find SearXNG. That matches the documented auto-discovery feature but is an active scan of local services and may be surprising on multi-tenant hosts.
[write-files-cache] expected: The skill creates and writes JSON cache files under scripts/.cache. This supports 'cache optimization' in SKILL.md but means it will persist data to disk in the skill directory.
[process-exit-on-import] unexpected: The module executes discovery at import-time and calls sys.exit(1) if no SearXNG instance is found. Terminating the hosting process on import is unexpected and unsafe for skills — it should fail gracefully or make discovery lazy.
What to consider before installing
This skill implements what it says (a local SearXNG helper), but it performs active local discovery (runs 'docker ps' and probes localhost ports) and writes cache files. Critically, the script runs discovery at import time and will call sys.exit(1) if it doesn't find a SearXNG instance, which can terminate the agent process unexpectedly. Before installing:

1. Don't enable this on shared or production machines; run it in an isolated environment or container.
2. Review and/or modify the script to remove the import-time sys.exit and make discovery lazy.
3. Ensure you want local Docker/port probing (it can reveal container names/ports).
4. Install the Python dependencies in a controlled virtualenv.
5. Ask the author to add safer failure handling and an opt-in confirmation before probing Docker/ports.

If you can't review or change the code, consider this risky and avoid enabling it system-wide.


latest: vk97a17qmr3sqdqghvxqbsrapan84ts12
