← Back to Skills Marketplace
qsmtco

Curated Search

by qsmtco · GitHub ↗ · v1.0.7
cross-platform ⚠ pending
850
Downloads
0
Stars
2
Active Installs
8
Versions
Install in OpenClaw
/install curated-search
Description
Domain-restricted full-text search over curated technical documentation
README (SKILL.md)

Curated Search Skill

Summary

Domain-restricted full-text search over a curated whitelist of technical documentation (MDN, Python docs, etc.). Provides clean, authoritative results without web spam.

External Endpoints

This skill does not call any external network endpoints during search operations. The crawler optionally makes outbound HTTP requests during index builds (one‑time setup), but those are user‑initiated (npm run crawl) and respect the configured domain whitelist.

Security & Privacy

  • Search is fully local – After the index is built, all queries run offline; no data leaves your machine.
  • Crawling is optional and whitelist‑scoped – The crawler only accesses domains you explicitly list in config.yaml. It respects robots.txt and configurable delays.
  • No telemetry – No usage data is transmitted externally.
  • Configuration is read from local config.yaml and the index file in data/.

Model Invocation Note

The curated-search.search tool is invoked only when the user explicitly calls it. It does not run autonomously. OpenClaw calls the tool handler (scripts/search.js) when the user asks to search the curated index.

Trust Statement

By using this skill, you trust that the code operates locally and only crawls domains you approve. The skill does not send your queries or workspace data to any third party. Review the open‑source implementation before installing.

Tool: curated-search.search

Search the curated index.

Parameters

Name Type Required Default Description
query string yes Search query terms
limit number no 5 Maximum results (capped by config.max_limit, typically 100)
domain string no null Filter to specific domain (e.g., docs.python.org)
min_score number no 0.0 Minimum relevance score (0.0–1.0); filters out low-quality matches
offset number no 0 Pagination offset (skip first N results)

Response

JSON array of result objects:

[
  {
    "title": "Python Tutorial",
    "url": "https://docs.python.org/3/tutorial/",
    "snippet": "Python is an easy to learn, powerful programming language...",
    "domain": "docs.python.org",
    "score": 0.87,
    "crawled_at": 1707712345678
  }
]

Fields:

  • title — Document title (cleaned)
  • url — Source URL (canonical)
  • snippet — Excerpt (~200 chars) from content
  • domain — Hostname of source
  • score — BM25 relevance score (higher is better; not normalized 0–1 but typically 0–1 range)
  • crawled_at — Unix timestamp when page was crawled

Example Agent Calls

search CuratedSearch for "python tutorial"
search CuratedSearch for "async await" limit=3 domain=developer.mozilla.org
search CuratedSearch for "linux man page" min_score=0.3

Errors

If an error occurs, the tool exits non-zero and prints a JSON error object to stderr, e.g.:

{
  "error": "index_not_found",
  "message": "Search index not found. The index has not been built yet.",
  "suggestion": "Run the crawler first: npm run crawl",
  "details": { "path": "data/index.json" }
}

Common error codes:

Code Meaning Suggested Fix
config_missing Configuration file not found Specify --config path or ensure config.yaml exists
config_invalid YAML parsing failed Check syntax in config.yaml
config_missing_index_path index.path not set Add index.path to config
index_not_found Index file missing Run npm run crawl to build index
index_corrupted Index file incompatible or corrupted Rebuild index with npm run crawl
index_init_failed Unexpected index initialization error Check permissions, reinstall dependencies
missing_query No query provided Provide --query argument
query_too_long Query exceeds 1000 characters Shorten the query
limit_exceeded Limit > config.max_limit Use a smaller limit
invalid_domain Domain filter malformed Use format like docs.python.org
conflicting_flags Mutually exclusive flags used (e.g., --stats with --query) Use flags correctly
stats_failed Could not retrieve index stats Ensure index is accessible
search_failed Search execution threw an error Check query and index integrity

Configuration

Edit config.yaml in the skill directory. Key sections:

  • domains — whitelist of allowed domains (required)
  • seeds — starting URLs for crawling
  • crawl — depth, delay, timeout, max_documents
  • content — min_content_length, max_content_length
  • index — path to index files
  • search — default_limit, max_limit, min_score

See README.md for full configuration docs.

Support

  • Full documentation: README.md
  • Technical specs: specs/
  • Build plan: PLAN.md
  • Contributor guide: CONTRIBUTING.md
  • Issues: Report on GitHub (or via OpenClaw maintainers)
Usage Guidance
This skill is internally consistent: the search tool reads a local MiniSearch index and requires only Node; network activity occurs only if you (or an operator) run the crawler (npm run crawl) which will fetch pages from the domains listed in config.yaml. Before installing or enabling scheduled crawls: 1) review and tune config.yaml domains/seeds and delays (to avoid hammering sites or crawling sensitive hosts); 2) run the crawler as a low-privileged user and keep it isolated (systemd/cron guidance in docs is helpful); 3) verify the package does not contain legacy network servers (the repo includes SECURITY_INCIDENT_2026-02-14.md documenting a previously removed server component — the current bundle claims that file was removed, but you may want to inspect the published archive yourself); 4) if you do not want agents to call the tool autonomously, adjust OpenClaw skill invocation settings (or disable model invocation for this skill). Overall the bundle looks coherent and proportionate, but exercise normal operational caution when enabling networked crawling.
Capability Analysis
Type: OpenClaw Skill Name: curated-search Version: 1.0.7 ```json { "classification": "suspicious", "summary": "The skill demonstrates robust security features like domain whitelisting, SSRF prevention, and `robots.txt` adherence in `src/crawler.js` and `src/url-normalizer.js`. However, the `package-lock.json` indicates the use of `[email protected]`, which is an outdated version with known vulnerabilities (e.g., CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235, CVE-2022-0235
Capability Assessment
Purpose & Capability
Name/description (domain-restricted curated search) lines up with the included files (crawler, indexer, content-extractor, search CLI) and the declared runtime requirement (node). There are no unexpected credentials, unusual binaries, or install steps in the bundle. The domain whitelist and seeds in config.yaml explain why a crawler is included.
Instruction Scope
SKILL.md and README consistently state that search operations read local index files (data/index) and do not make network calls; that is reflected by a search CLI script. The crawler (scripts/crawl.js + src/crawler.js) does perform outbound HTTP requests, but those are described as user-initiated (npm run crawl) and controlled by config.yaml (whitelist, delays, robots.txt). One minor mismatch: SKILL.md emphasizes 'only when the user explicitly calls it' for invocation, but platform metadata allows normal autonomous invocation by agents (this is the platform default). This is an informational mismatch in documentation rather than a code contradiction, but you should be aware agents could be permitted to call the tool unless you restrict it.
Install Mechanism
No install spec is present (instruction-only install), and the bundle contains source JS files and scripts that run under Node. There are no downloads from external or untrusted URLs, no archive extraction steps, and no package manager installs invoked automatically by the skill. Requiring 'node' is proportionate.
Credentials
The skill requests no environment variables, no credentials, and reads only local configuration (config.yaml) and index files under its data/ path. The config contains domain whitelists and seeds (expected). No secret exfiltration indicators or unnecessary credential requirements are present in the manifest or docs.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges in the metadata. The documentation describes running the crawler periodically (cron/systemd) as an operator action; that implies operational choices but not an inherent persist/privilege escalation in the skill itself. It does not modify other skills' configs in the provided materials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install curated-search
  3. After installation, invoke the skill by name or use /curated-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
Added security manifest headers to all scripts; fixed SKILL.md compliance; improved .clawhubignore; removed skill.json. No functional changes.
v1.0.6
Publishing compliance: Added required SKILL.md sections, removed skill.json, improved .clawhubignore to exclude test files, bumped version. No functional changes.
v1.0.5
Security: declared Node.js runtime requirement via metadata.openclaw.requires.bins. Resolves ClawHub 'suspicious' flag.
v1.0.4
Security: removed unused search-api.js server component. Cleaned .clawhubignore to exclude all internal audit files. Fixed manifest inconsistencies.
v1.0.3
Security: excluded internal audit documents from publication via .clawhubignore. No functional changes.
v1.0.2
Re-published after deletion: version 1.0.0 could not be reused due to ClawHub's version reservation policy. Content unchanged.
v1.0.1
Initial public release: domain-restricted search with MiniSearch, robots.txt compliance, per-host rate limiting, and OpenClaw integration.
v1.0.0
Initial release
Metadata
Slug curated-search
Version 1.0.7
License
All-time Installs 2
Active Installs 2
Total Versions 8
Frequently Asked Questions

What is Curated Search?

Domain-restricted full-text search over curated technical documentation. It is an AI Agent Skill for Claude Code / OpenClaw, with 850 downloads so far.

How do I install Curated Search?

Run "/install curated-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Curated Search free?

Yes, Curated Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Curated Search support?

Curated Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Curated Search?

It is built and maintained by qsmtco (@qsmtco); the current version is v1.0.7.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments