globalsearch
PassAudited by ClawScan on May 7, 2026.
Overview
This is a disclosed external web-search skill that requires an API key; it appears purpose-aligned, but users should avoid sensitive searches and verify the third-party provider.
Install only if you are comfortable sending search queries to clb.ciglobal.cn. Keep GLOBAL_SEARCH_API_KEY in secure storage, avoid searching for secrets or confidential internal text, verify the provider’s privacy practices, and use broad multi-source search only when needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms, including any sensitive wording the user includes, may be visible to or retained by the external provider.
The skill clearly discloses that user queries leave the local agent boundary and go to a third-party provider that may associate them with an account.
This skill sends the user’s search query to an external web search service at `https://clb.ciglobal.cn/web_search` ... Queries are transmitted to a third-party service and may be associated with your account
Use the skill only for searches you are comfortable sending to clb.ciglobal.cn, and redact personal, confidential, token, or internal information before searching.
Search usage may be tied to the API-key account, and misuse of the key could consume quota or expose account activity.
The skill requires a provider API key and sends it as an authentication header, which is expected for the service but still gives the skill account-linked access.
`GLOBAL_SEARCH_API_KEY`: API key obtained from https://clb.ciglobal.cn/apiKey/login ... Authentication: Required header `X-API-Key`
Store the key in a credential manager or environment variable, rotate it if exposed, and avoid sharing it in prompts, code snippets, or logs.
A broad search may send the same query through multiple source configurations when a narrower lookup would be sufficient.
Comprehensive mode can automatically fan a single query out across multiple search configurations, increasing exposure and provider-side logging compared with a minimal search.
For comprehensive search (default behavior), the skill will use the script from overall.md to perform 4 parallel API calls automatically
Prefer the minimum necessary search scope, and use comprehensive multi-source search only when the user clearly asks for broad coverage.
If the helper script is run, the user or agent may need to install dependencies and should confirm they come from trusted sources.
A Markdown file contains a runnable Python helper script with an aiohttp dependency, while the install metadata does not declare a package install step.
import aiohttp ... API_URL = "https://clb.ciglobal.cn/web_search" ... asyncio.run(main())
Review the script before running it, install dependencies from trusted package repositories, and consider documenting required dependencies in the skill metadata.