ClawHub

Searxng Web

v1.0.0

Proxies search queries to a local searxng instance and returns json-formatted search results with titles, URLs, snippets, and sources.

0· 712·0 current·0 all-time
by@zomgirprogrammer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a proxy to a local searxng instance. The included node runner only reads JSON from stdin, constructs an HTTP request to http://host.docker.internal:8081/search?format=json&q=..., parses the returned JSON, and outputs a normalized results object. No unrelated APIs, credentials, or system accesses are requested.
Instruction Scope
SKILL.md documents the single tool and the node runner. The runtime instructions and the script operate only on stdin/stdout and the local HTTP endpoint. There is a stray truncated 'docker exec -it openclaw sh -lc' snippet in SKILL.md that looks like an editing artifact but does not change behavior.
Install Mechanism
No install spec is provided and the skill is instruction-only with a small Node.js script. This is low-risk and appropriate for the described functionality; it requires a Node runtime at execution time (declared as runner).
Credentials
The skill requests no environment variables, no credentials, and accesses no files beyond stdin/stdout. The only network target is host.docker.internal:8081, which is appropriate for a local searxng proxy.
Persistence & Privilege
always is false, the skill does not modify agent or system configuration, and it does not request persistent privileges or other skills' credentials.
Assessment
This skill appears to do only what it claims: send queries to a local searxng at host.docker.internal:8081 and return results. Before installing, ensure you actually run a searxng instance reachable at that address/port from the agent environment (host.docker.internal is commonly used from containers). Be aware queries sent through the skill will be transmitted to that local service—avoid sending sensitive secrets in queries unless you trust the local instance. The stray 'docker exec' line in SKILL.md looks like an editing artifact but is harmless; if you need tighter security, run the skill in a sandboxed environment or restrict the agent's network access to only the expected local host and port.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mq4tpn43d31jzpcgqytwks8180yd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments