← Back to Skills Marketplace

Search Viewer

Name: Search Viewer
Author: adminlove520

by Anonymous · GitHub ↗ · v4.3.0 · MIT-0

cross-platform ⚠ suspicious

309

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install search-viewer

Description

整合Fofa、Hunter、Shodan等空间测绘平台API，辅助渗透测试信息收集和资产发现的工具。

Usage Guidance

This tool appears to be what it says (an OSINT GUI aggregator) but has several practical and security issues you should consider before installing: - Verify the source repository and review the code (Search_Viewer.py and iconhash.py) yourself or with a trusted reviewer; the package owner is not clearly established here. - The SKILL.md and _meta.json understate dependencies. Before running, inspect imports and install required libraries (shodan, mmh3, configobj, jsonpath, etc.), or run in a disposable environment (VM or container). - API keys are stored in a local config.ini in plaintext. Do not use production/privileged credentials. Use throwaway or scoped API keys where possible and restrict file permissions (chmod 600). Rotate keys after use. - The iconhash feature issues HTTP GET requests to user-supplied URLs. That can be abused to probe internal network services (SSRF-like behavior). Only query URLs you trust and consider running the app on an isolated network. - If you plan to use this for sanctioned testing, ensure you have authorization for targets and comply with legal/regulatory requirements. If you want to proceed: run the app in an isolated VM, confirm and install all actual Python dependencies found in the code, inspect network calls in the source, and avoid entering sensitive credentials until you are comfortable with the code.

Capability Analysis

Type: OpenClaw Skill Name: search-viewer Version: 4.3.0 The skill bundle is a graphical OSINT (Open Source Intelligence) aggregator tool designed to query various network mapping platforms such as Fofa, Shodan, and Hunter. Analysis of the primary logic in Search_Viewer.py and iconhash.py confirms that the code performs legitimate API requests to these services and manages configuration data locally in a config.ini file. No evidence of data exfiltration, backdoors, or malicious prompt injection was found; the tool's behavior is consistent with its stated purpose as a reconnaissance utility for security professionals.

Capability Assessment

ℹ Purpose & Capability

The code implements a desktop GUI aggregator for Fofa/Hunter/Shodan/Quake/Zoomeye (consistent with the description). However the metadata and SKILL.md list only pyside2 and requests while the code imports additional libraries (shodan, mmh3, configobj, jsonpath, configparser, etc.). This mismatch indicates the provided instructions and metadata are incomplete or out-of-sync with the actual code.

⚠ Instruction Scope

Runtime instructions tell the user to clone and run the app and to install only pyside2 and requests. The application reads and writes a local config.ini to store API keys (no encryption) and provides UI features that fetch arbitrary URLs (iconhash uses requests.get on user input). Storing API keys in plaintext and fetching arbitrary URLs (which can reach internal resources) are security-sensitive behaviors that the SKILL.md does not adequately warn about.

ℹ Install Mechanism

There is no automated install spec (lower platform install risk), but the SKILL.md's pip install line is incomplete relative to the code's imports. Users following the instructions will likely encounter missing-dependency errors or install the wrong set of packages.

ℹ Credentials

The skill does not request environment variables or external credentials in the metadata (appropriate). It does, however, require users to supply multiple third-party API keys via the GUI which are stored locally in config.ini in plaintext—this is functionally expected but worth noting because those keys grant network access and should be protected.

✓ Persistence & Privilege

The skill is not marked always:true and does not request system-wide configuration or other skills' credentials. It runs as a local application and keeps configuration in a local file; it does not appear to claim elevated platform privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install search-viewer
After installation, invoke the skill by name or use /search-viewer
Provide required inputs per the skill's parameter spec and get structured output

Version History

v4.3.0

- Initial public release: Search Viewer v4.3.0 - Aggregates multiple cyberspace reconnaissance platforms (Fofa, Hunter, Shodan, 360 Quake, Zoomeye) - Supports asset discovery, port/service enumeration, subdomain collection, and fingerprint identification - CLI usage guide, API key configuration, and query syntax examples included - Emphasizes lawful, ethical use and outlines compliance considerations

Metadata

Slug search-viewer

Version 4.3.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Search Viewer?

整合Fofa、Hunter、Shodan等空间测绘平台API，辅助渗透测试信息收集和资产发现的工具。 It is an AI Agent Skill for Claude Code / OpenClaw, with 309 downloads so far.

How do I install Search Viewer?

Run "/install search-viewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Search Viewer free?

Yes, Search Viewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Search Viewer support?

Search Viewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Search Viewer?

It is built and maintained by Anonymous (@adminlove520); the current version is v4.3.0.

More Skills