← Back to Skills Marketplace
279
Downloads
1
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install curlsearch
Description
Web search using curl + multiple search engines (Baidu, Google, Bing, DuckDuckGo). Activates when user asks to search, look up, or query something online. In...
README (SKILL.md)
Curl Search Skill
Web search using curl + multiple search engines. This skill provides a lightweight alternative when dedicated search APIs are unavailable.
Supported Search Engines
| Engine | Alias | Description |
|---|---|---|
| Baidu | bd | Fast for China, default option |
| g | Requires proxy/VPN in China | |
| Bing | b | Microsoft Bing |
| DuckDuckGo | ddg | Privacy-focused search |
Usage Examples
Search for OpenClaw tutorial
Google search AI development
Find Python tutorials with bing
Requirements
- curl - Command-line HTTP client
- python3 - For URL encoding
Security Features
This skill includes several security enhancements:
1. Input Sanitization
Removes dangerous shell metacharacters that could be exploited:
sanitize_input() {
local input="$1"
echo "$input" | sed 's/[^a-zA-Z0-9 \_\-\.\~\x{4e00}-\x{9fff}]//g'
}
2. Command Injection Protection
- Validates search engine selection
- Restricts max results to 1-50
- Checks for empty input after sanitization
3. URL Encoding
Uses Python's urllib.parse with safe='' parameter to properly encode special characters.
Installation
# Install via ClawHub
clawhub install curl-search
# Or manually
cd your-skills-dir
tar -xzf curl-search.tar.gz
Configuration
Set default search engine:
export SEARCH_ENGINE=google
Set max results:
export MAX_RESULTS=5
Limitations
- Search results come from public search engines
- May be blocked by anti-scraping measures
- Google requires proxy/VPN in China
Version History
- 2.0.0 - Security enhancements added
- Input sanitization
- Command injection protection
- URL encoding improvements
- 1.0.0 - Initial release
Usage Guidance
This skill appears to do what it says (fetch search results with curl). Before installing or running it: 1) review and test the script in a safe/sandboxed environment; the sanitize implementation may not work on all systems (the sed Unicode syntax is non-portable) and the way the query is inlined into the python -c call is fragile — recommend changing the python invocation to accept the query as an argv (e.g., python3 -c 'import sys,urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' -- "$input") to avoid shell interpolation issues; 2) be aware your queries are sent to external search engines (privacy/exfiltration risk) and scraping may trigger anti-bot measures; 3) if you rely on this in production, consider hardening input handling or using official search APIs and rate-limiting. If you want, I can suggest specific, safer code changes for the sanitize and encode functions.
Capability Analysis
Type: OpenClaw Skill
Name: curlsearch
Version: 2.0.0
The curlsearch skill is a legitimate utility for performing web searches via curl across multiple engines (Baidu, Google, Bing, DuckDuckGo). The implementation in scripts/search.sh includes proactive security measures such as input sanitization via a whitelist-based sed command and URL encoding using python3. While the Python-based encoding logic could theoretically be vulnerable to injection, the script correctly applies the sanitizer beforehand to remove dangerous characters. No evidence of data exfiltration, persistence, or malicious intent was found.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md requirements (curl, python3), and the included scripts align: the skill fetches search engine pages with curl and processes results locally. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and scripts stay within the stated scope (perform web searches and return textual snippets). However, the provided sanitization and encoding have implementation weaknesses: the sed expression uses \x{4e00}-\x{9fff} (Unicode escape syntax that many sed variants do not support), and the script embeds the sanitized query directly inside a python -c string for URL encoding rather than passing it as an argument — if sanitization fails (or on different sed implementations) this could allow unexpected characters to reach the shell/python invocation. The script also performs network requests to third-party search engines (expected for this skill).
Install Mechanism
No install spec (instruction-only) and only relies on standard system binaries (curl, python3). This is low-risk from an installation perspective because nothing is downloaded or executed during install.
Credentials
No required secrets or credentials. Optional env vars (SEARCH_ENGINE, MAX_RESULTS) are reasonable and proportional to the skill's function.
Persistence & Privilege
Skill is not always-enabled and doesn't request elevated or persistent system-wide configuration. It does not attempt to modify other skills or agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install curlsearch - After installation, invoke the skill by name or use
/curlsearch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Version 2.0.0 – Major security and usability update
- Added input sanitization, command injection protection, and robust URL encoding for improved security.
- Expanded requirements and OS support metadata for better compatibility.
- Enhanced documentation with detailed usage examples, configuration options, and security feature explanations.
- Included author and license information.
- Updated version history and structured supported search engines in a table for clarity.
v1.0.2
- Added sanitize_input() function to remove dangerous shell characters
- Added URL encoding with safe='' parameter
- Added search engine validation
- Added max results validation (1-50)
- Added empty input check after sanitization
v1.0.1
- Added _meta.json file to enhance skill metadata management.
- No changes to user-facing features or functionality.
v1.0.0
Web search skills achieved using curl and multiple search engines
Metadata
Frequently Asked Questions
What is curl-search?
Web search using curl + multiple search engines (Baidu, Google, Bing, DuckDuckGo). Activates when user asks to search, look up, or query something online. In... It is an AI Agent Skill for Claude Code / OpenClaw, with 279 downloads so far.
How do I install curl-search?
Run "/install curlsearch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is curl-search free?
Yes, curl-search is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does curl-search support?
curl-search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created curl-search?
It is built and maintained by bluejoy34 (@bluejoy34); the current version is v2.0.0.
More Skills