← Back to Skills Marketplace
yuanchao193

Claw Search

by yuanchao193 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
368
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install claw-search
Description
提供免费通用 Web 搜索 API 服务,支持多后端兼容,无需 API Key,快速响应,适合 AI Agent 集成使用。
README (SKILL.md)

Claw Search 🔍

通用免费的 Web Search API 服务,专为 AI Agents 设计。

功能

  • 🔍 Web 搜索 - 类似 Brave Search 的 Web Search API
  • 🌐 通用兼容 - 兼容 OpenClaw、Claude Code 等各种 Agent
  • 🔑 无需 API Key - 使用 skillhub 后端,无需申请
  • 🚀 快速响应 - 优化的搜索体验
  • 🐳 Docker 部署 - 一键部署到任意服务器

API 使用

Web 搜索

curl -X POST https://api.claw-search.com/api/search \
  -H "Content-Type: application/json" \
  -d '{"query": "openclaw ai agent", "count": 10}'

搜索结果示例

{
  "query": "openclaw ai agent",
  "count": 5,
  "results": [
    {
      "title": "openclaw-backup",
      "url": "https://clawhub.com/skill/openclaw-backup",
      "description": "OpenClaw Backup",
      "age": ""
    }
  ]
}

API 参数

参数 类型 必填 说明
query string 搜索关键词
count number 返回结果数量 (默认 10, 最大 20)
offset number 分页偏移
country string 国家代码 (默认 CN)
freshness string 时间范围: pd(天), pw(周), pm(月), py(年)

部署

Docker 部署 (推荐)

# 克隆或下载项目
cd claw-search

# 启动服务
docker-compose up -d

# 测试
curl https://api.claw-search.com/health

手动部署

# 安装依赖
npm install

# 启动服务
PORT=8080 npm start

环境变量

变量 说明
PORT 服务端口 (默认 8080)
TAVILY_API_KEY Tavily API Key (可选)
BRAVE_API_KEY Brave Search API Key (可选)

OpenClaw Skill 调用

node {baseDir}/scripts/search.mjs "搜索关键词"
node {baseDir}/scripts/search.mjs "搜索关键词" -n 10

支持的后端

  1. skillhub (默认,免费) - 搜索 ClawHub 技能
  2. tavily (需要 API Key) - AI 优化的通用搜索
  3. brave (需要 API Key) - Brave Search

上传到 ClawHub

clawhub publish

License

MIT

Usage Guidance
This skill is plausible as a search aggregator, but I recommend caution before installing or running it on any machine you care about: - Review and mitigate shell-injection risk: server/search.js uses execSync with user-supplied query (executes `skillhub search "<query>"`). Treat queries as untrusted input and avoid executing them in a shell; prefer spawn with argument arrays or sanitize/escape inputs. - Confirm required binaries and runtimes: the code expects Chromium at /usr/bin/chromium-browser, Node + npm (to install puppeteer), and the 'skillhub' CLI; a Python Flask stack appears too. These are not declared in metadata — install in an isolated environment (container) if you test. - Audit third-party dependencies and sources: package-lock references a non-default npm mirror; if you plan to run npm install, consider pinning/inspecting packages and fetching from trusted registries. - Watch filesystem access: server-v2.js reads an absolute path under /root/.openclaw/workspace/..., and the service writes /tmp/claw-search-stats.json. Ensure the service cannot access sensitive host files and run inside a sandbox (container with limited mounts) if installed. - If you need the skill for agent usage, prefer self-hosting in an isolated container (no access to host secrets), or ask the author to: (a) declare required binaries/py deps, (b) remove direct exec of user-controlled strings or properly escape arguments, (c) avoid hard-coded absolute paths and document data locations. Given the mismatches and the exploitable pattern (shell exec with unsanitized input), treat this skill as suspicious until the above issues are resolved or you perform an operational audit in a safe environment.
Capability Analysis
Type: OpenClaw Skill Name: claw-search Version: 1.0.3 The skill bundle contains a critical shell injection vulnerability in 'server/search.js', where the 'searchSkillhub' function passes unsanitized user-controlled search queries directly into 'execSync'. This allows for Remote Code Execution (RCE) via queries containing shell metacharacters. Additionally, 'server-v2.js' relies on hardcoded absolute paths in the root directory and executes Puppeteer with the '--no-sandbox' flag, which significantly weakens container security. While the bundle appears to be a functional search tool, these high-risk implementation flaws represent a major security liability.
Capability Assessment
Purpose & Capability
The skill claims a lightweight, no-API-key search API, but the shipped code needs additional runtime components that are not declared: (1) Node code uses puppeteer/puppeteer-core and expects a Chromium binary at /usr/bin/chromium-browser; (2) a Python frontend (search-frontend/server.py) requires Flask, requests, BeautifulSoup, but Python deps are not documented; (3) server/search.js calls an external 'skillhub' CLI via execSync. These binaries/libraries are plausible for a scraping-based search service, but the skill metadata declared no required binaries or install steps — that mismatch is concerning.
Instruction Scope
The SKILL.md gives general deploy/run instructions only, but the runtime instructions in the code go beyond that surface: server/search.js executes `skillhub search "<query>"` (execSync) which runs a local binary with user-supplied input (risk of shell injection and requires 'skillhub' to exist). server-v2.js reads a hard-coded absolute path under /root/.openclaw/workspace/... to load data, indicating the code expects access to the agent's workspace filesystem. Multiple components perform web scraping (puppeteer, requests) — all of which are coherent with a search aggregator but the SKILL.md does not warn about required native/browser binaries or the local-exec behavior.
Install Mechanism
There is no install spec in registry metadata (instruction-only), but repository includes package.json and package-lock.json and expects npm install; package-lock entries resolve via a Tencent mirror (mirrors.tencentyun.com). Relying on npm install will pull many dependencies (puppeteer and its browser tooling are large). The absence of a declared install mechanism plus use of puppeteer and a non-default mirror are operational / supply-chain risks to review before installing.
Credentials
SKILL.md lists a small set of optional env vars (PORT, TAVILY_API_KEY, BRAVE_API_KEY) and the scripts reference CLAW_SEARCH_URL. There are no broad credentials requested. However, the code expects system binaries (chromium, skillhub) and reads/writes local files (/tmp/claw-search-stats.json, /root/.openclaw/...). Those filesystem accesses are not declared in metadata and may expose more of the host environment than the README implies.
Persistence & Privilege
Skill does not set always:true and does not request elevated platform privileges in the metadata. It does, however, contain server code that will run as a persistent service when deployed (docker-compose), which is expected for a search API but means it will run continuously and have filesystem/network access as shown in the code.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install claw-search
  3. After installation, invoke the skill by name or use /claw-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
更新到最新版本
v1.0.2
- Updated all example API endpoints to use the public https://api.claw-search.com instead of localhost for easier access. - Adjusted health check and deployment instructions to reflect the new endpoint.
v1.0.1
- Updated public/index.html (details not specified). - No changes to documentation or feature list in SKILL.md.
v1.0.0
Claw Search 1.0.0 初始发布 - 提供通用免费 Web 搜索 API,无需 API Key,专为 AI Agents 设计 - 支持 OpenClaw、Claude Code 等多种 Agent,无缝对接 - 提供 Docker 一键部署与手动部署两种方式 - 可选择 skillhub (默认、免费)、Tavily、Brave 多种搜索后端 - 支持多参数自定义:关键词、结果数、分页、国家、时间范围 - 丰富 API 文档和使用示例
Metadata
Slug claw-search
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Claw Search?

提供免费通用 Web 搜索 API 服务,支持多后端兼容,无需 API Key,快速响应,适合 AI Agent 集成使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 368 downloads so far.

How do I install Claw Search?

Run "/install claw-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw Search free?

Yes, Claw Search is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Claw Search support?

Claw Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Claw Search?

It is built and maintained by yuanchao193 (@yuanchao193); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments