Safety Report

Stealthy Google Search

Name: Stealthy Google Search
Author: itzsubhadip

Google search via Scrapling’s StealthyFetcher/StealthySession. Use to run Google queries and return clean top-result titles + links (plain text or JSON). Inc...

24Downloads

1Installs

0Stars

1Versions

Search & Retrieval5,443

Security Analysis

high confidence

Clean0.08 risk

The skill's code, instructions, and installer are coherent with its stated purpose (running stealthy Google searches via Scrapling); it requires installing Scrapling and Playwright browsers but does not request unrelated credentials or perform obvious exfiltration.

Feb 23, 20263 files2 concerns

Purpose & Capabilityok

Name/description match the included files: google_search.py performs Google queries using scrapling.StealthyFetcher and returns titles/URLs. The included install.sh sets up a Python venv and installs scrapling, which is necessary for the code to run.

Instruction Scopenote

SKILL.md and scripts instruct the agent/user to create a local venv, install scrapling[fetchers], and run the search script. The installer may invoke sudo to install Playwright system dependencies (via the scrapling CLI). This is within the installer’s stated remit but does require elevated system operations that are not part of the search logic itself.

Install Mechanismnote

No registry install spec, but an included install.sh uses pip to install 'scrapling[fetchers]' from PyPI and runs the scrapling CLI which will download Playwright browsers and system deps. This is expected for a browser-based fetcher but carries normal supply-chain and system-level risks (third-party packages & browser binaries).

Credentialsok

The skill declares no required environment variables or credentials. The installer uses 'sudo -E' if available (which preserves environment variables) and runs commands that may access system state, but the skill itself does not request unrelated secrets.

Persistence & Privilegeok

always is false and the skill does not request permanent system-wide changes. It creates a local .venv and installs dependencies there; it does not modify other skills or agent-wide configs.

Guidance

This skill appears to do what it says, but exercise caution before running the installer: 1) The included install.sh will create a .venv, install a third-party package (scrapling) from PyPI, and run 'scrapling install' which downloads Playwright browsers and may invoke sudo to install system dependencies — review the scrapling project (https://github.com/D4Vinci/Scrapling) and its install steps first. 2) Because the installer may run with sudo -E (preserves environment), avoid running it in an environment with sensitive env vars present, or sanitize them first. 3) Prefer running the installer in an isolated environment (container or VM) if you are unsure. 4) If you want to avoid sudo, install Playwright/system deps manually and run the scrapling install step as your user. 5) If you need higher assurance, inspect the scrapling package source and the scrapling CLI's install behavior before proceeding.

Latest Release

v0.1.0

Initial release: Scrapling StealthyFetcher Google search + installer (venv + scrapling install).

Popular Skills

Universal Video Downloader

@ItzSubhadip · 6 stars

YouTube Transcript (yt-dlp captions)

@ItzSubhadip · 0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Published by @itzsubhadip on ClawHub