by 安全扫描
OpenClaw
安全
high confidence技能的代码和说明与其声明的目的(本地 SearXNG 元搜索)相符;唯一显著的问题是文档/元数据的少量不一致以及 SSL 验证的决定。
评估建议
该技能安全风险较低。本地部署:搜索请求不经过第三方 API 服务器,保护隐私。元搜索特性:聚合多个搜索引擎结果。多类型搜索:支持网页、图片、新闻等多种内容类型。使用前需在本地部署 SearXNG 实例。...详细分析 ▾
✓ 用途与能力
The skill is a CLI wrapper around a local SearXNG JSON API. Required binary (python3) and included script are consistent with the description. No unrelated cloud credentials, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md and the script only call the SearXNG HTTP API and print results. They do not read other system files or try to exfiltrate secrets. Note: the instructions and script expect a SEARXNG_URL environment variable (defaulting to http://localhost:8080) — the SKILL.md emphasizes configuring this.
✓ 安装机制
No install spec is provided (instruction-only), so nothing is downloaded or executed automatically. The bundle does include a Python script that lists dependencies (httpx, rich) in its header; those are normal for a CLI skill but are not auto-installed by the registry.
ℹ 凭证需求
The skill requires a SEARXNG_URL to operate, which is appropriate. Registry metadata at the top lists 'Required env vars: none' while SKILL.md/metadata indicate SEARXNG_URL is required — this mismatch is a documentation/metadata inconsistency that should be fixed. No sensitive credentials are requested.
✓ 持久化与权限
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings. Agent autonomous invocation is allowed (platform default) but not combined with any broad credentials or persistence.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/1/27
最新更新:改进了文档
● 无害
安装命令
点击复制官方npx clawhub@latest install searxng
镜像加速npx clawhub@latest install searxng --registry https://cn.longxiaskill.com 镜像可用
国内专用无需额外安装
本土化适配说明
使用该技能前需要在本地部署 SearXNG 实例。可通过官方 Docker 镜像或源码自行搭建。确保实例能够访问外部搜索引擎并在防火墙中开放相应端口。部署完成后,在技能配置中填写本地 SearXNG 的访问地址即可使用。