Safety Report

Searxng

Name: Searxng
Rating: 5 (14 reviews)
Author: abk234

Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news, and more without external API dependencies.

9,193Downloads

153Installs

14Stars

4Versions

API Integration4,971 Search & Retrieval2,116 Image Processing1,559 DevOps & Infrastructure1,045

Security Analysis

high confidence

Clean0.08 risk

The skill's code and instructions match its stated purpose (local SearXNG metasearch); small documentation/metadata inconsistencies and an SSL verification decision are the only notable issues.

Feb 11, 20266 files2 concerns

Purpose & Capabilityok

The skill is a CLI wrapper around a local SearXNG JSON API. Required binary (python3) and included script are consistent with the description. No unrelated cloud credentials, binaries, or config paths are requested.

Instruction Scopenote

SKILL.md and the script only call the SearXNG HTTP API and print results. They do not read other system files or try to exfiltrate secrets. Note: the instructions and script expect a SEARXNG_URL environment variable (defaulting to http://localhost:8080) — the SKILL.md emphasizes configuring this.

Install Mechanismok

No install spec is provided (instruction-only), so nothing is downloaded or executed automatically. The bundle does include a Python script that lists dependencies (httpx, rich) in its header; those are normal for a CLI skill but are not auto-installed by the registry.

Credentialsnote

The skill requires a SEARXNG_URL to operate, which is appropriate. Registry metadata at the top lists 'Required env vars: none' while SKILL.md/metadata indicate SEARXNG_URL is required — this mismatch is a documentation/metadata inconsistency that should be fixed. No sensitive credentials are requested.

Persistence & Privilegeok

The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings. Agent autonomous invocation is allowed (platform default) but not combined with any broad credentials or persistence.

Guidance

This skill appears to do exactly what it claims: query a SearXNG instance and display results. Before installing: 1) Ensure SEARXNG_URL points to a trusted instance (local or a public instance you trust); queries go to that host. 2) If you connect to a remote instance, edit the script to enable SSL verification (change verify=False) — the current default disables SSL verification and suppresses warnings to support self-signed certs, which increases MITM risk for remote endpoints. 3) The registry metadata should declare SEARXNG_URL as a required env var; verify your environment or Clawdbot config provides it. 4) Make sure Python (>=3.11 per header) and the listed Python deps (httpx, rich) are installed in a controlled environment. If you need stricter guarantees, inspect the included scripts locally before running them.

Latest Release

v1.0.3

Latest updates with improved documentation

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @abk234 on ClawHub