← 返回 Skills 市场
279
总下载
1
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install curlsearch
功能描述
Web search using curl + multiple search engines (Baidu, Google, Bing, DuckDuckGo). Activates when user asks to search, look up, or query something online. In...
使用说明 (SKILL.md)
Curl Search Skill
Web search using curl + multiple search engines. This skill provides a lightweight alternative when dedicated search APIs are unavailable.
Supported Search Engines
| Engine | Alias | Description |
|---|---|---|
| Baidu | bd | Fast for China, default option |
| g | Requires proxy/VPN in China | |
| Bing | b | Microsoft Bing |
| DuckDuckGo | ddg | Privacy-focused search |
Usage Examples
Search for OpenClaw tutorial
Google search AI development
Find Python tutorials with bing
Requirements
- curl - Command-line HTTP client
- python3 - For URL encoding
Security Features
This skill includes several security enhancements:
1. Input Sanitization
Removes dangerous shell metacharacters that could be exploited:
sanitize_input() {
local input="$1"
echo "$input" | sed 's/[^a-zA-Z0-9 \_\-\.\~\x{4e00}-\x{9fff}]//g'
}
2. Command Injection Protection
- Validates search engine selection
- Restricts max results to 1-50
- Checks for empty input after sanitization
3. URL Encoding
Uses Python's urllib.parse with safe='' parameter to properly encode special characters.
Installation
# Install via ClawHub
clawhub install curl-search
# Or manually
cd your-skills-dir
tar -xzf curl-search.tar.gz
Configuration
Set default search engine:
export SEARCH_ENGINE=google
Set max results:
export MAX_RESULTS=5
Limitations
- Search results come from public search engines
- May be blocked by anti-scraping measures
- Google requires proxy/VPN in China
Version History
- 2.0.0 - Security enhancements added
- Input sanitization
- Command injection protection
- URL encoding improvements
- 1.0.0 - Initial release
安全使用建议
This skill appears to do what it says (fetch search results with curl). Before installing or running it: 1) review and test the script in a safe/sandboxed environment; the sanitize implementation may not work on all systems (the sed Unicode syntax is non-portable) and the way the query is inlined into the python -c call is fragile — recommend changing the python invocation to accept the query as an argv (e.g., python3 -c 'import sys,urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' -- "$input") to avoid shell interpolation issues; 2) be aware your queries are sent to external search engines (privacy/exfiltration risk) and scraping may trigger anti-bot measures; 3) if you rely on this in production, consider hardening input handling or using official search APIs and rate-limiting. If you want, I can suggest specific, safer code changes for the sanitize and encode functions.
功能分析
Type: OpenClaw Skill
Name: curlsearch
Version: 2.0.0
The curlsearch skill is a legitimate utility for performing web searches via curl across multiple engines (Baidu, Google, Bing, DuckDuckGo). The implementation in scripts/search.sh includes proactive security measures such as input sanitization via a whitelist-based sed command and URL encoding using python3. While the Python-based encoding logic could theoretically be vulnerable to injection, the script correctly applies the sanitizer beforehand to remove dangerous characters. No evidence of data exfiltration, persistence, or malicious intent was found.
能力评估
Purpose & Capability
Name/description, SKILL.md requirements (curl, python3), and the included scripts align: the skill fetches search engine pages with curl and processes results locally. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and scripts stay within the stated scope (perform web searches and return textual snippets). However, the provided sanitization and encoding have implementation weaknesses: the sed expression uses \x{4e00}-\x{9fff} (Unicode escape syntax that many sed variants do not support), and the script embeds the sanitized query directly inside a python -c string for URL encoding rather than passing it as an argument — if sanitization fails (or on different sed implementations) this could allow unexpected characters to reach the shell/python invocation. The script also performs network requests to third-party search engines (expected for this skill).
Install Mechanism
No install spec (instruction-only) and only relies on standard system binaries (curl, python3). This is low-risk from an installation perspective because nothing is downloaded or executed during install.
Credentials
No required secrets or credentials. Optional env vars (SEARCH_ENGINE, MAX_RESULTS) are reasonable and proportional to the skill's function.
Persistence & Privilege
Skill is not always-enabled and doesn't request elevated or persistent system-wide configuration. It does not attempt to modify other skills or agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install curlsearch - 安装完成后,直接呼叫该 Skill 的名称或使用
/curlsearch触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Version 2.0.0 – Major security and usability update
- Added input sanitization, command injection protection, and robust URL encoding for improved security.
- Expanded requirements and OS support metadata for better compatibility.
- Enhanced documentation with detailed usage examples, configuration options, and security feature explanations.
- Included author and license information.
- Updated version history and structured supported search engines in a table for clarity.
v1.0.2
- Added sanitize_input() function to remove dangerous shell characters
- Added URL encoding with safe='' parameter
- Added search engine validation
- Added max results validation (1-50)
- Added empty input check after sanitization
v1.0.1
- Added _meta.json file to enhance skill metadata management.
- No changes to user-facing features or functionality.
v1.0.0
Web search skills achieved using curl and multiple search engines
元数据
常见问题
curl-search 是什么?
Web search using curl + multiple search engines (Baidu, Google, Bing, DuckDuckGo). Activates when user asks to search, look up, or query something online. In... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 279 次。
如何安装 curl-search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install curlsearch」即可一键安装,无需额外配置。
curl-search 是免费的吗?
是的,curl-search 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
curl-search 支持哪些平台?
curl-search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 curl-search?
由 bluejoy34(@bluejoy34)开发并维护,当前版本 v2.0.0。
推荐 Skills