Huo15 Searxng

Security checks across malware telemetry and agentic risk

Overview

This skill appears to deploy SearXNG as advertised, but it makes persistent Docker and shell-profile changes that users should review first.

Install only if you want a persistent local SearXNG Docker service and are comfortable with the skill editing ~/.zshrc. Review the generated Docker Compose port binding, consider pinning the SearXNG image, and after uninstall verify with docker ps -a that the searxng container is actually gone.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (7)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The installer persists an environment-variable change by editing ~/.zshrc, which creates host-level persistence outside the containerized SearXNG deployment itself. While the goal appears to be convenience for OpenClaw integration, modifying a shell init file is a security-relevant side effect because it changes future shell behavior and is broader than a pure application install.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: Directly modifying ~/.zshrc gives the script a persistent foothold in the user's shell environment, and shell startup files are a common mechanism for stealthy long-term changes. In this script the inserted line is only an environment variable, but the capability is still sensitive and insufficiently bounded for a deployment helper, especially since it assumes zsh and does not obtain explicit opt-in at the point of change.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README states that installation will automatically append an export to ~/.zshrc, which modifies the user's persistent shell startup configuration. Even though the value shown is not itself malicious, silently changing shell init files can create persistence, interfere with the user's environment, and normalize unsafe behavior if later combined with untrusted input.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases are broad and generic, including terms like "searxng" and "搭建搜索", which can match casual discussion rather than an intentional deployment request. In this skill's context, unintended invocation is more dangerous because the described action performs real system changes through Docker deployment and configuration automation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The functionality section describes automated deployment, port probing, container startup, readiness checks, and OpenClaw environment configuration, but it does not clearly warn that these are system-modifying operations. Without an upfront warning, users may not understand that invoking the skill can alter the local Docker environment, filesystem, network exposure, and agent configuration.

External Script Fetching

Low

Category: Supply Chain
Content: - ✅ 新增幂等性检测（已安装时显示状态不重复部署） - ✅ 新增卸载脚本 `uninstall.sh` - ✅ 新增 `source ~/.zshrc` 生效提示 - ✅ 增强 curl 超时参数（--connect-timeout, --max-time） - ✅ 停止旧容器逻辑（升级时清理） ## 故障排除
Confidence: 84% confidence
Finding: curl 超时参数（--connect-timeout, --max-time） - ✅ 停止旧容器逻辑（升级时清理） ## 故障排除 ### Docker 未安装 ```bash # macOS brew install --cask docker # Linux (Ubuntu) curl -fsSL https://get.docker.com | sh

Chaining Abuse

High

Category: Tool Misuse
Content: brew install --cask docker # Linux (Ubuntu) curl -fsSL https://get.docker.com | sh ``` ### 端口全部占用
Confidence: 97% confidence
Finding: | sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal