Searxng Search
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward SearXNG search connector, with the main considerations being trusted endpoint use and user-directed setup steps.
This skill is reasonable for web search if you trust the configured SearXNG server. Before installing, confirm the endpoint, avoid sending sensitive queries, install mcporter only from a trusted source, and back up or merge any existing mcporter configuration instead of blindly overwriting it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search queries, including any sensitive text placed in them, will be sent to the configured SearXNG server.
The MCP server sends the user's search query to the configured SearXNG endpoint. This is purpose-aligned, but the endpoint receives the search terms.
url = f"{SEARXNG_URL}/search?q={encoded_query}&format=json"
with urllib.request.urlopen(url, timeout=30) as response:Use a SearXNG instance you trust, avoid searching for secrets or private data, and prefer HTTPS for remote instances.
A malicious or low-quality search result could try to influence the agent if the agent treats result text as authoritative.
The tool returns web result snippets as text to the agent. Web results are untrusted retrieved context and may contain misleading or instruction-like content.
f" {r.get('content', 'N/A')[:200]}...\n"
...
"text": f"Search results for '{query}':\n\n" + "\n\n".join(formatted_results)Treat search results as untrusted references and verify important claims or instructions before acting on them.
Installing mcporter globally affects the local environment, and copying config.json may overwrite or replace an existing mcporter configuration.
The documented setup uses a global npm-installed dependency and copies a config file into the user's mcporter configuration. This is user-directed and purpose-aligned, but users should be aware of the dependency and config-file impact.
cp config.json ~/.config/mcporter/config.json ... npm install -g mcporter
Verify the mcporter package source, install it intentionally, and merge or back up any existing mcporter config before copying this file.