← Back to Skills Marketplace
1010
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install searxng-1
Description
Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news, and more without external API dependencies.
Usage Guidance
This skill appears to do what it says: query a SearXNG JSON API and present results. Before installing: (1) Confirm you run or trust the SearXNG instance you set in SEARXNG_URL (the script defaults to http://localhost:8080). (2) Install Python dependencies (httpx, rich) from trusted package sources. (3) If you point SEARXNG_URL to a remote/non-local endpoint, change verify=False to verify=True (and remove suppressed SSL warnings) to avoid MITM risk — the script currently disables SSL verification for convenience with self-signed certs. (4) Note the documentation mismatch: the registry metadata omits the required SEARXNG_URL env var; set it in your agent config or shell. (5) Run the script in an isolated environment if you want extra assurance and inspect the code yourself; there are no hidden network endpoints or credential exfiltration code in the included files.
Capability Analysis
Type: OpenClaw Skill
Name: searxng-1
Version: 1.0.1
The skill is classified as suspicious due to the combination of a user-configurable `SEARXNG_URL` environment variable and the `verify=False` setting in the `httpx.get` request within `scripts/searxng.py`. While intended for local SearXNG instances with self-signed certificates, this creates a significant Server-Side Request Forgery (SSRF) and Man-in-the-Middle (MITM) vulnerability if an attacker can control the `SEARXNG_URL` environment variable. The skill itself does not exhibit malicious intent, but these design choices introduce high-risk capabilities that could be exploited.
Capability Assessment
Purpose & Capability
Name/description, CLI examples, and the included Python script all implement searching a local SearXNG instance. Required runtime (python3) and an instance URL (SEARXNG_URL) are reasonable and expected for this purpose. Minor inconsistency: registry metadata shows 'Required env vars: none' while SKILL.md and the script document/require SEARXNG_URL (defaulting to http://localhost:8080).
Instruction Scope
SKILL.md instructs the agent to call the included script with query and category parameters and to set SEARXNG_URL; the script issues HTTP GET requests to the SearXNG JSON API and formats/display results. The instructions do not direct reading unrelated files, harvesting secrets, or sending data to unexpected endpoints. Note: the script disables SSL verification (verify=False) and suppresses related warnings to support self-signed certs — appropriate for local instances but risky if pointed at an untrusted remote endpoint.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes risk because nothing arbitrary is downloaded at install time. However, the script lists Python dependencies (httpx, rich) in header comments; the skill does not provide a mechanism to install them automatically. Users/agents must ensure those packages are present from trusted sources.
Credentials
Only one environment variable (SEARXNG_URL) is used to point at the SearXNG instance; no tokens or unrelated credentials are requested. Again, registry metadata omitted this required env var which is a documentation mismatch to be aware of. Also verify=False in requests means SSL verification is disabled — not an environment/credential issue, but a security posture to review before pointing the skill at non-local instances.
Persistence & Privilege
The skill is not force-included (always:false), does not request system-level config paths or alter other skills, and uses normal agent invocation. No elevated persistence or cross-skill modifications are present.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install searxng-1 - After installation, invoke the skill by name or use
/searxng-1 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- No functional or documentation changes; version bump only.
- All features, commands, and configuration remain unchanged.
v1.0.0
- Added SKILL.md documentation describing usage, commands, configuration, and features.
- Now includes triggers for easier invocation: "search for", "search web", "find information", "look up".
- Outlines command-line search options, including categories (web, images, news, videos), result count customization, formats, language, and time range.
- Documents required SEARXNG_URL environment variable, with guidance for both shell and Clawdbot configuration.
- Highlights privacy, multi-search aggregation, and fast JSON support.
Metadata
Frequently Asked Questions
What is Searxng 1?
Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news, and more without external API dependencies. It is an AI Agent Skill for Claude Code / OpenClaw, with 1010 downloads so far.
How do I install Searxng 1?
Run "/install searxng-1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Searxng 1 free?
Yes, Searxng 1 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Searxng 1 support?
Searxng 1 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Searxng 1?
It is built and maintained by phucanh08 (@phucanh08); the current version is v1.0.1.
More Skills