首页龙虾技能列表 › Claw Search — 技能工具

Claw Search — 技能工具

v1.0.3

提供免费通用 Web 搜索 API 服务,支持多后端兼容,无需 API Key,快速响应,适合 AI Agent 集成使用。

0· 299·0 当前·0 累计
by @yuanchao193·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The package appears to implement a web-scraping search service (plausible for its description) but contains several mismatches and risky behaviors (unspecified native binaries, shell exec of user input, hard-coded absolute paths, and heavy runtime dependencies not declared) that should be resolved or audited before use.
评估建议
This skill is plausible as a search aggregator, but I recommend caution before installing or running it on any machine you care about: - Review and mitigate shell-injection risk: server/search.js uses execSync with user-supplied query (executes `skillhub search "<query>"`). Treat queries as untrusted input and avoid executing them in a shell; prefer spawn with argument arrays or sanitize/escape inputs. - Confirm required binaries and runtimes: the code expects Chromium at /usr/bin/chromium-bro...
详细分析 ▾
用途与能力
The skill claims a lightweight, no-API-key search API, but the shipped code needs additional runtime components that are not declared: (1) Node code uses puppeteer/puppeteer-core and expects a Chromium binary at /usr/bin/chromium-browser; (2) a Python frontend (search-frontend/server.py) requires Flask, requests, BeautifulSoup, but Python deps are not documented; (3) server/search.js calls an external 'skillhub' CLI via execSync. These binaries/libraries are plausible for a scraping-based search service, but the skill metadata declared no required binaries or install steps — that mismatch is concerning.
指令范围
The SKILL.md gives general deploy/run instructions only, but the runtime instructions in the code go beyond that surface: server/search.js executes `skillhub search "<query>"` (execSync) which runs a local binary with user-supplied input (risk of shell injection and requires 'skillhub' to exist). server-v2.js reads a hard-coded absolute path under /root/.openclaw/workspace/... to load data, indicating the code expects access to the agent's workspace filesystem. Multiple components perform web scraping (puppeteer, requests) — all of which are coherent with a search aggregator but the SKILL.md does not warn about required native/browser binaries or the local-exec behavior.
安装机制
There is no install spec in registry metadata (instruction-only), but repository includes package.json and package-lock.json and expects npm install; package-lock entries resolve via a Tencent mirror (mirrors.tencentyun.com). Relying on npm install will pull many dependencies (puppeteer and its browser tooling are large). The absence of a declared install mechanism plus use of puppeteer and a non-default mirror are operational / supply-chain risks to review before installing.
凭证需求
SKILL.md lists a small set of optional env vars (PORT, TAVILY_API_KEY, BRAVE_API_KEY) and the scripts reference CLAW_SEARCH_URL. There are no broad credentials requested. However, the code expects system binaries (chromium, skillhub) and reads/writes local files (/tmp/claw-search-stats.json, /root/.openclaw/...). Those filesystem accesses are not declared in metadata and may expose more of the host environment than the README implies.
持久化与权限
Skill does not set always:true and does not request elevated platform privileges in the metadata. It does, however, contain server code that will run as a persistent service when deployed (docker-compose), which is expected for a search API but means it will run continuously and have filesystem/network access as shown in the code.
server/search.js:16
Shell command execution detected (child_process).
scripts/search.mjs:7
Environment variable access combined with network send.
server/search.js:8
Environment variable access combined with network send.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.32026/3/14

更新到最新版本

● 可疑

安装命令 点击复制

官方npx clawhub@latest install claw-search
镜像加速npx clawhub@latest install claw-search --registry https://cn.clawhub-mirror.com

技能文档

通用免费的 Web Search API 服务,专为 AI Agents 设计。

功能

  • 🔍 Web 搜索 - 类似 Brave Search 的 Web Search API
  • 🌐 通用兼容 - 兼容 OpenClaw、Claude Code 等各种 Agent
  • 🔑 无需 API Key - 使用 skillhub 后端,无需申请
  • 🚀 快速响应 - 优化的搜索体验
  • 🐳 Docker 部署 - 一键部署到任意服务器

API 使用

Web 搜索

curl -X POST https://api.claw-search.com/api/search \
  -H "Content-Type: application/json" \
  -d '{"query": "openclaw ai agent", "count": 10}'

搜索结果示例

{
  "query": "openclaw ai agent",
  "count": 5,
  "results": [
    {
      "title": "openclaw-backup",
      "url": "https://clawhub.com/skill/openclaw-backup",
      "description": "OpenClaw Backup",
      "age": ""
    }
  ]
}

API 参数

参数类型必填说明
querystring搜索关键词
countnumber返回结果数量 (默认 10, 最大 20)
offsetnumber分页偏移
countrystring国家代码 (默认 CN)
freshnessstring时间范围: pd(天), pw(周), pm(月), py(年)

部署

Docker 部署 (推荐)

# 克隆或下载项目
cd claw-search
# 启动服务
docker-compose up -d
# 测试
curl https://api.claw-search.com/health

手动部署

# 安装依赖
npm install
# 启动服务
PORT=8080 npm start

环境变量

变量说明
PORT服务端口 (默认 8080)
TAVILY_API_KEYTavily API Key (可选)
BRAVE_API_KEYBrave Search API Key (可选)

OpenClaw Skill 调用

node {baseDir}/scripts/search.mjs "搜索关键词"
node {baseDir}/scripts/search.mjs "搜索关键词" -n 10

支持的后端

  • skillhub (默认,免费) - 搜索 ClawHub 技能
  • tavily (需要 API Key) - AI 优化的通用搜索
  • brave (需要 API Key) - Brave Search

上传到 ClawHub

clawhub publish

License

MIT

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务