← 返回 Skills 市场
Naver Search
作者
downwind7clawd-ctrl
· GitHub ↗
· v1.0.4
417
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install naver-search
功能描述
Modularized Naver Search. Features separate scripts for Web, News, Shopping, and Images. Integrates SerpAPI specialized parameters.
安全使用建议
This package implements the advertised Naver/SerpAPI searches, but there are two issues to consider before installing:
- Metadata mismatch: the skill requires SERPAPI_API_KEY (and reads .env) but the registry did not declare this required credential. Confirm you are comfortable providing a SerpAPI key and that the publisher should have declared it.
- Import path change: lib/naver_base.py injects the user's site-packages path at the start of sys.path. That can cause local/user-installed packages to be imported in place of system packages (a supply-chain/namespace shadowing risk). Consider reviewing the code locally, running in a sandbox, or removing the sys.path modification before use.
- Operational safety: store the API key in a dedicated, least-privilege SerpAPI account, protect the .env file (chmod 600), and inspect or run the scripts in an isolated environment if you don't trust the publisher. Ask the publisher to update registry metadata to list SERPAPI_API_KEY and to explain why user_site is prepended to sys.path.
功能分析
Type: OpenClaw Skill
Name: naver-search
Version: 1.0.4
The skill is designed to perform Naver searches via SerpAPI, which aligns with its stated purpose. It uses `SERPAPI_API_KEY` from environment variables or a `.env` file for its intended function. While storing API keys in a `.env` file can be a vulnerability if file permissions are not properly secured (as noted in `lib/naver_base.py`), the skill itself does not attempt to exfiltrate this key or any other sensitive data. The `scripts/naver_search.py` uses `subprocess.run` to execute other Python scripts within the same bundle, passing arguments as a list, which prevents shell injection from the query parameter. No evidence of prompt injection, obfuscation, or other malicious intent was found in any of the files, including `SKILL.md` and `README.md`.
能力评估
Purpose & Capability
Name/description match the provided code: scripts cover web, news, shopping, images, video, booking and call SerpAPI. However the skill metadata declares no required environment variables or primary credential while both SKILL.md and code require SERPAPI_API_KEY. That mismatch (code needs an API key but the registry doesn't declare it) is an incoherence a user should be shown.
Instruction Scope
SKILL.md instructs running the included scripts and storing SERPAPI_API_KEY in an .env file—this aligns with the code. The code adds the user's site-packages path to sys.path (inserting it at index 0) before importing serpapi, which is not documented in SKILL.md and can allow importing user-controlled packages that shadow standard packages. The aggregator uses subprocess.run to call local scripts and parses their stdout as JSON; this is expected but means script outputs are trusted without strong validation.
Install Mechanism
There is no automated install spec (no downloads). A requirements.txt lists only 'serpapi' and README suggests pip install -r requirements.txt — this is low-to-moderate friction and traceable. No suspicious external URLs or archive extracts are present.
Credentials
The only runtime secret required is SERPAPI_API_KEY (declared in SKILL.md and used by lib/naver_base.py). However the registry metadata did not list any required env vars or primary credential, which is inconsistent and potentially misleading. The code will read a top-level .env file if the env var is absent; that file could contain other secrets if users reuse it. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It does not attempt to modify other skills or system-wide settings; autonomous invocation is allowed (the platform default) but not combined with always:true.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install naver-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/naver-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
네이버 뉴스 검색 최적화: 시간 옵션 사용 시 검색어 보강 로직 개선, 기본 검색 결과 유지
v1.0.3
Bug fixes: naver_news.py options working perfectly, naver_search.py integrated results fully, naver_booking.py module path fixed
v1.0.1
API 키 예제 수정 (실제 키 제거)
v1.0.0
네이버 통합검색, 뉴스, 쇼핑, 이미지 검색 기능. SerpAPI 기반. 모듈화 완료.
元数据
常见问题
Naver Search 是什么?
Modularized Naver Search. Features separate scripts for Web, News, Shopping, and Images. Integrates SerpAPI specialized parameters. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 417 次。
如何安装 Naver Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install naver-search」即可一键安装,无需额外配置。
Naver Search 是免费的吗?
是的,Naver Search 完全免费(开源免费),可自由下载、安装和使用。
Naver Search 支持哪些平台?
Naver Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Naver Search?
由 downwind7clawd-ctrl(@downwind7clawd-ctrl)开发并维护,当前版本 v1.0.4。
推荐 Skills