v2.1.4

Web Search Pro

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This appears to be a legitimate web-search tool, but it will contact search providers, use any API keys you configure, and keep a local cache.

Guidance: Install this if you want an agent-accessible web search/retrieval skill. Before use, verify the package provenance, configure only needed provider keys, avoid sensitive queries unless you are comfortable sharing them with selected providers, keep crawl limits narrow, and clear the local cache when appropriate.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: https://github.com/Zjianru/web-search-pro

The package is code-backed but the registry source field is not populated, so users should verify package provenance even though the artifacts do not show a remote installer.

User impact: You are installing local code whose registry source attribution is incomplete.
Recommendation: Verify the package matches the stated GitHub project and version before relying on it with sensitive searches or API keys.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
scripts/engines/fetch.mjs
content: entry.content

Fetched webpage text is returned in results, which means arbitrary web content can enter the agent's context.

User impact: A webpage could contain misleading or prompt-like text that should not be treated as instructions to the agent.
Recommendation: Treat retrieved pages and snippets as evidence only; do not let webpage text override the user's goal or safety rules.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/crawl.mjs
crawl.mjs "url1" ["url2" ...] ... --depth <n> ... --max-pages <n> ... --no-same-origin

The skill exposes a crawler for user-supplied URLs, including optional cross-origin discovery; this is expected for the purpose and documented with limits.

User impact: Broad crawl settings can generate many outbound requests or collect more web content than intended.
Recommendation: Use same-origin crawling, low max-page limits, and explicit target URLs unless you intentionally want broader discovery.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Optional provider credentials or endpoints widen coverage... TAVILY_API_KEY... EXA_API_KEY... PERPLEXITY_API_KEY... OPENROUTER_API_KEY

The skill can use provider API keys and gateway endpoints to authenticate outbound search/retrieval calls.

User impact: Queries may be sent to configured providers, and provider keys may incur cost or usage against your accounts.
Recommendation: Set only the provider keys you need, prefer restricted/low-risk keys where possible, and use trusted gateway URLs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
local state directory: `.cache/web-search-pro`

The artifacts disclose local state/caching, which can persist search queries, URLs, and retrieved content for reuse.

User impact: Search history or retrieved page content may remain on disk after use.
Recommendation: Avoid sensitive searches unless local caching is acceptable, and use the cache clear command when you want to remove stored results.