← Back to Skills Marketplace
mupengi-bot

web-claude

by mupengi-bot · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
2146
Downloads
1
Stars
24
Active Installs
2
Versions
Install in OpenClaw
/install web-claude
Description
Unified web search skill. Fallback order — web_search(Brave) → duckduckgo → claude.ai. Auto-cache search results (saved to memory/research/)
Usage Guidance
This skill appears to do what it says (a 3-tier unified search) but it omits some important declarations and assumptions. Before installing or using it: (1) Confirm where and how you will supply a Brave API key (the SKILL.md says it's required but the skill metadata doesn't declare it). Store that key in a secure place and avoid embedding it in logs. (2) Be aware the DuckDuckGo fallback uses a python snippet that requires the duckduckgo_search package and a Python runtime — install and vet that package if you plan to rely on it. (3) Tier 3 automates your local OpenClaw browser (port 18800) and requires a logged-in claude.ai session; automation will interact with your authenticated browser and could expose session-contained data — only enable it if you trust the skill and want automated access to your session. (4) The skill auto-saves search results to memory/research/ — these files may contain sensitive queries or fetched content; review and control that folder or request an option to disable caching. (5) Ask the skill author to update metadata to explicitly list required env vars, dependencies, and the cache path (so you can audit and control them). If you need higher assurance, request a version that declares dependencies and briefly shows the exact commands it will run (or provide an install script that you can review).
Capability Analysis
Type: OpenClaw Skill Name: web-claude Version: 1.1.0 The skill is classified as suspicious due to significant vulnerabilities that could lead to remote code execution (RCE) and arbitrary file writes. The `python -c` command used for DuckDuckGo search in SKILL.md presents a shell/Python injection risk if the search query is not properly sanitized. Additionally, the auto-caching feature, which creates files with `[keyword]` derived from the search query in `memory/research/`, introduces a path traversal or arbitrary file write vulnerability if the keyword is not sanitized. While the skill's stated purpose is benign, these implementation flaws allow for potential exploitation, classifying it as suspicious rather than malicious, as there's no clear evidence of intentional harmful design.
Capability Assessment
Purpose & Capability
The SKILL.md describes a 3-tier search (Brave web_search, DuckDuckGo via python, and claude.ai browser automation). The skill metadata declares no required env vars, binaries, or installs, yet the instructions explicitly say a Brave API key is required for Tier 1 and the DuckDuckGo fallback uses a python package (duckduckgo_search). Those credentials/dependencies are expected for the stated functionality but are not declared in metadata — a mismatch.
Instruction Scope
Runtime instructions direct the agent to: call a built-in web_search tool, run an external python snippet, automate a browser on port 18800 to access claude.ai, and save full results to memory/research/ files. Saving to disk and automating the user's logged-in claude.ai browser session are within 'search' scope but they access filesystem and an authenticated browser session that the metadata does not mention. The instructions also recommend waits and snapshots which could expose session state; these behaviors should be explicitly declared.
Install Mechanism
There is no install spec (instruction-only), which keeps disk footprint low. However, the DuckDuckGo fallback calls a python snippet that requires the third-party duckduckgo_search package and assumes python is available. The skill does not declare that dependency or provide installation steps — a practical omission rather than an outright malicious indicator.
Credentials
The SKILL.md states Tier 1 "requires Brave API key" and Tier 3 requires a logged-in claude.ai browser, but the registry metadata lists no required environment variables, credentials, or config paths. In addition, the skill will write cached search results to memory/research/ without declaring that path as required. Requesting/using a Brave API key and access to browser sessions would be proportional for this functionality, but they must be declared — their absence is a red flag.
Persistence & Privilege
always:false and normal autonomous invocation are used. The only persistence explicitly described is auto-creating and writing search cache files under memory/research/. Writing user data to disk is within reason for caching, but users should be warned about what gets stored and where. The skill does not request system-wide or other-skills configuration changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install web-claude
  3. After installation, invoke the skill by name or use /web-claude
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Updated version
v1.0.0
- Initial release of unified web search skill with 3-tier fallback: Brave API → DuckDuckGo → claude.ai browser. - Automatically caches all search results to memory/research/ with detailed metadata and insights. - Supports custom search parameters: freshness, language, country, and method selection. - Offers usage guidance, fallback logic, integration tips for other skills, and troubleshooting. - No API key required for DuckDuckGo or claude.ai browser fallback methods.
Metadata
Slug web-claude
Version 1.1.0
License
All-time Installs 25
Active Installs 24
Total Versions 2
Frequently Asked Questions

What is web-claude?

Unified web search skill. Fallback order — web_search(Brave) → duckduckgo → claude.ai. Auto-cache search results (saved to memory/research/). It is an AI Agent Skill for Claude Code / OpenClaw, with 2146 downloads so far.

How do I install web-claude?

Run "/install web-claude" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is web-claude free?

Yes, web-claude is completely free (open-source). You can download, install and use it at no cost.

Which platforms does web-claude support?

web-claude is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created web-claude?

It is built and maintained by mupengi-bot (@mupengi-bot); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments