by 安全扫描
OpenClaw
安全
high confidenceThe skill's code and instructions match its stated purpose (local SearXNG metasearch); small documentation/metadata inconsistencies and an SSL verification decision are the only notable issues.
评估建议
This skill appears to do exactly what it claims: query a SearXNG instance and display results. Before installing: 1) Ensure SEARXNG_URL points to a trusted instance (local or a public instance you trust); queries go to that host. 2) If you connect to a remote instance, edit the script to enable SSL verification (change verify=False) — the current default disables SSL verification and suppresses warnings to support self-signed certs, which increases MITM risk for remote endpoints. 3) The registry...详细分析 ▾
✓ 用途与能力
The skill is a CLI wrapper around a local SearXNG JSON API. Required binary (python3) and included script are consistent with the description. No unrelated cloud credentials, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md and the script only call the SearXNG HTTP API and print results. They do not read other system files or try to exfiltrate secrets. Note: the instructions and script expect a SEARXNG_URL environment variable (defaulting to http://localhost:8080) — the SKILL.md emphasizes configuring this.
✓ 安装机制
No install spec is provided (instruction-only), so nothing is downloaded or executed automatically. The bundle does include a Python script that lists dependencies (httpx, rich) in its header; those are normal for a CLI skill but are not auto-installed by the registry.
ℹ 凭证需求
The skill requires a SEARXNG_URL to operate, which is appropriate. Registry metadata at the top lists 'Required env vars: none' while SKILL.md/metadata indicate SEARXNG_URL is required — this mismatch is a documentation/metadata inconsistency that should be fixed. No sensitive credentials are requested.
✓ 持久化与权限
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings. Agent autonomous invocation is allowed (platform default) but not combined with any broad credentials or persistence.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/1/27
Latest updates with improved documentation
● 无害
安装命令
点击复制官方npx clawhub@latest install searxng
镜像加速npx clawhub@latest install searxng --registry https://cn.longxiaskill.com