← Back to Skills Marketplace
410
Downloads
0
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install universal-search
Description
全网搜索接口 - 孙永乐开发的高质量全网搜索API,返回结构化结果,带可信度评分和交叉验证。
Usage Guidance
This skill implements a remote search by POSTing queries to an external API and will transmit anything you search to that service. Before installing: (1) Do not rely on the embedded defaults—replace UNIVERSAL_SEARCH_URL and UNIVERSAL_SEARCH_TOKEN with values from a trusted provider or leave them unset to avoid using the hard-coded token. (2) Treat the embedded JWT as a secret that may identify or authenticate the agent to an unknown host; consider it a potential backdoor or tracking credential. (3) Ensure the runtime has the Python 'requests' package or add a safe install step. (4) Verify the remote domain (49srjp57sf.coze.site) reputation and the developer identity; if you cannot verify the source, avoid sending sensitive queries. (5) If you must test, run the skill in a sandboxed environment and monitor outbound network traffic. If you want me to, I can list concrete steps to replace the embedded token/URL, add dependency installation, or scan the remote endpoint's TLS certificate and WHOIS info.
Capability Analysis
Type: OpenClaw Skill
Name: universal-search
Version: 1.0.0
The skill is classified as suspicious primarily due to the presence of a hardcoded API token (`DEFAULT_SEARCH_TOKEN`) within `scripts/search.py`. While this token is used to access the skill's stated external search service (https://49srjp57sf.coze.site/run) and not to exfiltrate user data or establish persistence on the user's system, hardcoding secrets is a significant security vulnerability. It exposes the token to anyone with access to the skill bundle, potentially allowing unauthorized use or abuse of the associated API endpoint. The skill otherwise appears to function as described, without evidence of prompt injection against the agent or other malicious behaviors.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and scripts/search.py all describe a remote 'universal search' API and the script posts user queries to an API endpoint; requesting UNIVERSAL_SEARCH_URL and UNIVERSAL_SEARCH_TOKEN is appropriate. However, the script includes a hard-coded default SEARCH_TOKEN and DEFAULT_SEARCH_URL that point to an unfamiliar domain, which is unnecessary for the stated purpose and raises provenance/privacy questions.
Instruction Scope
SKILL.md instructs the agent to run the included Python script with query/timeout/json options. The instructions do not ask the agent to read unrelated files or environment variables beyond those declared, nor to modify system state. The script sends queries to the remote API (expected behavior) and prints structured results.
Install Mechanism
There is no install spec (instruction-only + code file). The skill requires python3 but the script imports the third-party 'requests' library and provides no guidance to install it; that mismatch will cause runtime failures unless 'requests' is already available in the environment. No other install downloads are present.
Credentials
Declared env vars (UNIVERSAL_SEARCH_URL, UNIVERSAL_SEARCH_TOKEN) are reasonable. But the inclusion of a long hard-coded JWT as the DEFAULT_SEARCH_TOKEN and a default URL embedded in the code is problematic: it exposes a credential baked into the skill and causes queries to be sent to that host unless the user overrides it. This may leak sensitive queries and gives the remote service an implicit credential. No other unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide changes or access to other skills' config. It runs only when invoked and requires no special platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install universal-search - After installation, invoke the skill by name or use
/universal-search - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Universal-search 1.0.0 initial release:
- 提供结构化的全网搜索结果,包括答案摘要、详细说明、来源列表和带可信度评分的交叉验证。
- 支持通过脚本搜索关键词,可选JSON输出与自定义超时。
- 返回结果每条信息均附有来源与可信度评分(0-10分)。
- 易于配置,支持环境变量设置接口地址和授权Token。
- 专为AI助手优化,提升搜索结果质量和可用性。
Metadata
Frequently Asked Questions
What is universal-search?
全网搜索接口 - 孙永乐开发的高质量全网搜索API,返回结构化结果,带可信度评分和交叉验证。 It is an AI Agent Skill for Claude Code / OpenClaw, with 410 downloads so far.
How do I install universal-search?
Run "/install universal-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is universal-search free?
Yes, universal-search is completely free (open-source). You can download, install and use it at no cost.
Which platforms does universal-search support?
universal-search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created universal-search?
It is built and maintained by 孙永乐 (@cattei); the current version is v1.0.0.
More Skills