Skill v1.0.2
ClawScan security
web-searxng · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 14, 2026, 6:31 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill mostly matches its stated purpose (a local SearXNG search helper) but contains implementation choices that are surprising and risky (notably exiting the process at import-time and active Docker/port probing), so review and caution are warranted before enabling it.
- Guidance
- This skill implements what it says (a local SearXNG helper), but it performs active local discovery (runs 'docker ps' and probes localhost ports) and writes cache files. Critically, the script runs discovery at import time and will call sys.exit(1) if it doesn't find a SearXNG instance — that can terminate the agent process unexpectedly. Before installing: (1) don't enable this on shared or production machines; run in an isolated environment or container; (2) review and/or modify the script to remove import-time sys.exit and make discovery lazy; (3) ensure you want local Docker/port probing (it can reveal container names/ports); (4) install Python dependencies in a controlled virtualenv; (5) ask the author to add safer failure handling and an opt-in confirmation before probing Docker/ports. If you can't review or change the code, consider this risky and avoid enabling it system-wide.
- Findings
- [subprocess-exec] expected: The code runs 'docker ps' via subprocess to detect SearXNG containers. This is consistent with the SKILL.md's 'automatic Docker port discovery' claim, but subprocess usage can expose container metadata and requires docker CLI availability.
- [local-port-scan] expected: The script tries connecting to common localhost ports to find SearXNG. That matches the documented auto-discovery feature but is an active scan of local services and may be surprising on multi-tenant hosts.
- [write-files-cache] expected: The skill creates and writes JSON cache files under scripts/.cache. This supports 'cache optimization' in SKILL.md but means it will persist data to disk in the skill directory.
- [process-exit-on-import] unexpected: The module executes discovery at import time and calls sys.exit(1) if no SearXNG instance is found. Terminating the hosting process on import is unexpected and unsafe for skills: it should fail gracefully or make discovery lazy.
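The process-exit-on-import finding and item (2) of the guidance, as an added example that is not the skill's own code: the flagged pattern (discovery at module top level that ends in sys.exit(1)) is reproduced as a callable so it can be exercised without killing the interpreter, next to a lazy, opt-in replacement that raises an exception the agent can catch. The port list, the container-name match, the function names, the 'docker ps' format string and the sample 'docker ps' output are assumptions for illustration; the page only says the skill probes "common localhost ports".

```python
"""Lazy, opt-in SearXNG discovery vs the import-time sys.exit pattern flagged above.

Added example, not the skill's code. Port list, container-name match, function
names and the sample `docker ps` output below are assumptions for illustration.
"""
import os
import re
import socket
import subprocess
import sys
from typing import Callable, Iterable, Mapping, Optional

# Assumption: the report only says "common localhost ports"; these stand in for that list.
DEFAULT_PORTS = (8080, 8888, 4000)


class SearxngNotFound(RuntimeError):
    """Raised instead of sys.exit(1) so the hosting agent can catch and report it."""


# --- the flagged pattern, wrapped in a function so it can be demonstrated safely ---
def risky_module_body(probe: Callable[[str, int], bool], ports: Iterable[int] = DEFAULT_PORTS) -> str:
    """Equivalent of running discovery at module top level: on failure it calls
    sys.exit(1), and SystemExit unwinds through whatever process did the import."""
    for port in ports:
        if probe("127.0.0.1", port):
            return f"http://127.0.0.1:{port}"
    sys.exit(1)


def import_as_agent(module_body: Callable[[], object]) -> Optional[int]:
    """Simulate an agent importing the module. Returns the SystemExit code if the
    import would have terminated the agent process, otherwise None."""
    try:
        module_body()
    except SystemExit as exc:
        return exc.code
    return None


# --- real probes; only reached when the caller opts in, and tests inject fakes ---
def tcp_probe(host: str, port: int, timeout: float = 0.2) -> bool:
    """True if something accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def docker_ps() -> str:
    """`docker ps` limited to names and port mappings; empty string if docker is absent."""
    try:
        out = subprocess.run(["docker", "ps", "--format", "{{.Names}}\t{{.Ports}}"],
                             capture_output=True, text=True, timeout=5, check=False)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""
    return out.stdout


_HOST_PORT = re.compile(r":(\d+)->\d+/tcp")


def port_from_docker(ps_output: str, name_hint: str = "searxng") -> Optional[int]:
    """Published host port of the first container whose name contains name_hint."""
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        if name_hint in name.lower():
            m = _HOST_PORT.search(ports)
            if m:
                return int(m.group(1))
    return None


def discover(env: Optional[Mapping[str, str]] = None, *, allow_probe: bool = False,
             ports: Iterable[int] = DEFAULT_PORTS,
             probe: Callable[[str, int], bool] = tcp_probe,
             ps: Callable[[], str] = docker_ps) -> str:
    """Lazy discovery: explicit SEARXNG_URL first; Docker and port probing only when
    the caller opts in. Raises SearxngNotFound instead of exiting the process."""
    env = os.environ if env is None else env
    url = env.get("SEARXNG_URL")
    if url:
        return url.rstrip("/")
    if not allow_probe:
        raise SearxngNotFound("SEARXNG_URL is unset and local Docker/port probing is disabled")
    ports = tuple(ports)
    port = port_from_docker(ps())
    if port is not None and probe("127.0.0.1", port):
        return f"http://127.0.0.1:{port}"
    for port in ports:
        if probe("127.0.0.1", port):
            return f"http://127.0.0.1:{port}"
    raise SearxngNotFound(f"no SearXNG instance on localhost ports {list(ports)}")


def safe_discover(**kwargs) -> Optional[str]:
    """Graceful variant for callers that prefer None over an exception."""
    try:
        return discover(**kwargs)
    except SearxngNotFound:
        return None


class SearxngClient:
    """Discovery runs on first use of base_url, never when this module is imported."""

    def __init__(self, **discover_kwargs):
        self._kwargs = discover_kwargs
        self._base_url: Optional[str] = None

    @property
    def base_url(self) -> str:
        if self._base_url is None:
            self._base_url = discover(**self._kwargs)
        return self._base_url


# Constructed sample `docker ps` output for the demonstration; no real docker call is made.
SAMPLE_PS = "searxng\t0.0.0.0:8888->8080/tcp, :::8888->8080/tcp\nredis\t6379/tcp\n"

if __name__ == "__main__":
    print(import_as_agent(lambda: risky_module_body(lambda h, p: False)))  # exit code 1
    client = SearxngClient(env={}, allow_probe=True, probe=lambda h, p: p == 8888, ps=lambda: SAMPLE_PS)
    print(client.base_url)  # http://127.0.0.1:8888
```

With the real probes, discover() still only touches Docker and localhost ports after the caller passes allow_probe=True, which is the opt-in the guidance asks the author for; an unset SEARXNG_URL without that flag is reported as SearxngNotFound rather than as a dead agent process.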
Review Dimensions
- Purpose & Capability
- ok: Name/description (SearXNG privacy search, auto-discovery, stock mode) align with the code and SKILL.md: the code queries a local SearXNG instance, can detect Docker containers and common ports, caches results, and performs result synthesis.
- Instruction Scope
- concern: SKILL.md explicitly claims automatic Docker port discovery and local port probing, which the code implements. That behavior is within the stated purpose but is intrusive: the skill runs 'docker ps', scans localhost ports, and writes cache files under the skill directory. These actions access local system state beyond what a simple HTTP client needs and may reveal container names/ports or interact with host tooling.
- Install Mechanism
- note: The skill is instruction-only with a bundled Python script and no install spec. It lists Python and several libraries as dependencies but does not install them automatically; installing will require the user's environment to provide Python 3.8+ and packages (aiohttp, aiofiles, httpx). This is not inherently malicious but increases friction and the chance of mistakes during manual setup.
- Credentials
- ok: No credentials or sensitive environment variables are required. The script respects an optional SEARXNG_URL env var (declared in SKILL.md). It does not request unrelated secrets or external API tokens.
- Persistence & Privilege
- concern: 'always' is false and the skill does not request persistent platform-wide privileges, but the code writes a .cache directory next to the script (local disk write). More importantly, the module runs discovery at import time and calls sys.exit(1) if no local SearXNG is found; this can terminate the host process importing the module (the agent), which is unsafe and unexpected behavior for a skill.
