← Back to Skills Marketplace
602
Downloads
1
Stars
8
Active Installs
3
Versions
Install in OpenClaw
/install union-search-skill
Description
当用户需要跨多个平台搜索内容时使用此技能,包括 GitHub(仓库、代码、问题)、Reddit(帖子、子版块、用户)、小红书、抖音、Bilibili、YouTube、Twitter、微信(公众号文章)、Google、Tavily、秘塔搜索、火山引擎,以及通用搜索引擎(DuckDuckGo、Brave、Yahoo、...
Usage Guidance
What to consider before installing or running this skill:
- Metadata and reality mismatch: the registry claims no env requirements and 'instruction-only', but the package contains many scripts and the ENV_TEMPLATE lists many sensitive API keys and cookies. Treat the skill as one that will try to access .env and call many external services.
- Do not run it in a production environment or with real credentials present. If you want to try it, run inside an isolated sandbox/container or VM and use throwaway API keys or minimal-permission keys.
- Inspect high-risk files first: ENV_TEMPLATE, SKILL.md, scripts/reddit/agents.py (very large), any '*.js' in dist/ (minified/compiled JS), and downloader modules (yt-dlp usage). Look for code that transmits data to unknown endpoints beyond the documented search APIs.
- Remove or sanitize .env before running, or create a .env with only the specific keys you intend to test. Never paste full raw JSON API responses into external chat sessions as SKILL.md recommends avoiding, but still be careful — saved responses may contain tokens/cookies.
- The SKILL.md contains detected obfuscation patterns (base64, unicode control chars). Manually open SKILL.md and the bundled JS files in a safe environment and search for any encoded or hidden strings and for hardcoded endpoints.
- Prefer obtaining the project from the upstream GitHub repo referenced in README and verify commit history and authorship; check if the registry copy is complete or truncated (README warns about size limits). If you must use the registry copy, expect missing files and audit what is present.
- If you lack the ability to review code, avoid installing this skill or only use it through a trusted intermediary service that can sandbox and review network traffic. Consider limiting network egress or using a proxy that logs and inspects outbound calls.
If you want, I can: (1) summarize which exact files reference which environment variables, (2) search the bundle for suspicious network endpoints or hardcoded credentials, or (3) extract and highlight the largest/minified files that need manual review.
Capability Analysis
Type: OpenClaw Skill
Name: union-search-skill
Version: 1.2.0
The skill bundle is a comprehensive multi-platform search and media download aggregator. It provides a unified CLI to interact with over 30 platforms, including social media (TikTok, Douyin, Bilibili), developer communities (GitHub, Reddit), and AI-driven search engines (Tavily, Metaso). The code uses subprocess execution for external tools like yt-dlp and a local Node.js content extractor (Defuddle), and it manages API keys via environment variables. While it includes a hardcoded SerpAPI key in 'scripts/bing/bing_serpapi_search.py' as a fallback, there is no evidence of intentional malicious behavior, data exfiltration, or unauthorized access to sensitive user data.
Capability Assessment
Purpose & Capability
The skill name/description (multi‑platform search) matches the included code, but the registry metadata claimed 'Required env vars: none' while the project clearly expects many credentials (ENV_TEMPLATE lists GITHUB_TOKEN, GOOGLE_API_KEY, YOUTUBE_API_KEY, TIKHUB_TOKEN, SERPAPI keys, VOLCENGINE_API_KEY, etc.). That mismatch is incoherent: a search tool that needs many third‑party API keys should declare them. Also SKILL.md says 'instruction-only' in registry but the bundle contains 150+ Python files and bundled Node 'dist' artifacts — the install/runtime footprint is far larger than metadata indicates.
Instruction Scope
SKILL.md instructs the agent to create and read a .env, run many scripts, save raw responses, download bulk images/videos, and use cookies/proxies for downloads. Those instructions are within the stated search/archival purpose, but they grant broad discretion to access and persist potentially sensitive tokens, cookies, and large amounts of fetched content. The SKILL.md also includes guidance to save raw API responses and to use grep/jq on them — which could lead to storing sensitive data locally (cookies, auth responses).
Install Mechanism
There is no install spec (so the skill is 'instruction-only' in registry), yet the package includes large third‑party Node distribution files (defuddle-node/dist/*), many Python modules, and README warns about a >50MB size and recommends downloading from an external GitHub repo. The presence of compiled/minified JS artifacts increases review burden because they are large and harder to audit; lack of an explicit, trusted install source is a moderate concern.
Credentials
Metadata said no required env vars, but ENV_TEMPLATE and code reference many sensitive environment variables (API keys, cookies, multiple SERPAPI keys, YTDLP_COOKIES_FILE, WEIBO_COOKIE, ZHIHU_COOKIE, etc.). Requesting many unrelated credentials (multiple search providers + cookies) without declaring them is disproportionate and risky: if the agent is allowed to read environment variables or a .env file, it will have access to a broad set of secrets not reflected in metadata.
Persistence & Privilege
always:false (good), but the skill is allowed to be invoked autonomously (default). Combined with the other concerns (undisclosed credentials, code bundle that saves raw responses and downloads media), autonomous invocation increases blast radius: the skill could read a .env, call many external services, and persist responses/downloads. The bundle also includes large scripts like reddit/agents.py which deserve manual inspection for autonomous behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install union-search-skill - After installation, invoke the skill by name or use
/union-search-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- 新增微信(公众号文章)搜索脚本(JS 版本),支持无需 API 搜索微信公众号文章。
- 文档和说明处同步增加对微信平台的支持,涵盖用法示例与入口导航。
- 项目结构、功能描述和命令行演示新增 wechat 相关模块内容。
- 其他平台、功能无变更。
v1.1.0
- Initial release of union-search-skill.
- Added unified multi-platform search scripts covering 20+ platforms (GitHub, Reddit, 小红书, 抖音, Bilibili, YouTube, Google, Twitter, and more).
- Included image download tool supporting 18 platforms, with metadata retention.
- Provided comprehensive documentation for each platform and tool in the scripts/ and references/ directories.
- Added centralized credential and configuration management via .env files.
- Implemented result filtering, sorting, batch download, and structured output options (Markdown, JSON).
v0.1.0
- 首次发布 union-search-skill 0.1.0,提供“一站式”多平台内容搜索与图片下载。
- 支持 20+ 内容平台与 18 个图片平台,统一接口标准,结构化输出,批量归档与下载。
- 丰富的搜索参数,支持过滤、排序、按需保存原始响应。
- 模块化设计,含详细文档与最佳实践、故障排查指引。
- 支持多种配置方式(参数、环境变量、配置文件),无需部分平台 API 密钥。
- 完备的项目结构与快速上手指南,便于用户高效管理与对比跨平台搜索结果。
Metadata
Frequently Asked Questions
What is Union Search Skill?
当用户需要跨多个平台搜索内容时使用此技能,包括 GitHub(仓库、代码、问题)、Reddit(帖子、子版块、用户)、小红书、抖音、Bilibili、YouTube、Twitter、微信(公众号文章)、Google、Tavily、秘塔搜索、火山引擎,以及通用搜索引擎(DuckDuckGo、Brave、Yahoo、... It is an AI Agent Skill for Claude Code / OpenClaw, with 602 downloads so far.
How do I install Union Search Skill?
Run "/install union-search-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Union Search Skill free?
Yes, Union Search Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Union Search Skill support?
Union Search Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Union Search Skill?
It is built and maintained by ZiJiE.Z (@runningz1); the current version is v1.2.0.
More Skills