Web Search Plus

The name/description match the delivered files and runtime behavior: included Python scripts implement multi-provider search and auto-routing. Required binaries (python3, bash) are expected for running the provided scripts. The declared optional env vars are provider API keys that are appropriate for the described providers (Serper, Tavily, Exa, You.com, Kilo/Perplexity, SearXNG).

SKILL.md directs the agent/operator to run the supplied scripts (setup.py, search.py), copy config.example.json, and set API keys. These instructions stay within the skill's purpose, but the runtime behavior includes: (1) auto-loading a .env file from the skill directory, and (2) writing/reading a local cache under the skill directory (.cache/) that stores queries and provider metadata. Those actions are expected for this type of tool but are relevant privacy/operational considerations.

There is no external install spec or remote binary download—this is a scripts-and-docs package shipped as-is. That keeps install risk low: nothing is fetched from arbitrary URLs during installation. Running the included Python scripts executes shipped code (normal for an instruction-only skill with bundled scripts).

No required credentials are demanded up-front. The optional environment variables listed (SERPER_API_KEY, TAVILY_API_KEY, EXA_API_KEY, YOU_API_KEY, KILOCODE_API_KEY, SEARXNG_INSTANCE_URL) directly map to the providers the skill advertises. The number of optional keys is reasonable for an aggregator that supports multiple backends. Note: the code auto-loads a local .env file if present (it only sets variables not already in the environment).

The skill does not request always:true or system-wide privileges. It writes cache files into a .cache/ directory inside the skill folder (or WSP_CACHE_DIR if overridden) and stores provider health data there; this is normal for caching but means query data and provider metadata persist on disk. The skill does not appear to modify other skills or global agent config.