Description
Real-time web intelligence powered by Nimble Search API. Perform intelligent web searches with 8 specialized focus modes (general, coding, news, academic, shopping, social, geo, location). This skill provides real-time search results when you need to search the web, find current information, discover URLs, research topics, or gather up-to-date data. Use when: searching for information, finding recent news, looking up academic papers, searching for coding examples, finding shopping results, discovering social media posts, researching topics, or getting latest real-time data.
Security usage recommendations
What to check before installing or using the skill:
- Verify the API provider and endpoint: SKILL.md links to nimbleway.com for keys but the scripts call nimble-retriever.webit.live. Confirm that webit.live is a legitimate Nimbleway endpoint (ask the vendor or check their official docs/repo). Do not assume different domains are safe.
- Expect to provide an API key: although the registry metadata omits required env vars, the skill will fail without NIMBLE_API_KEY. Decide where to store the key (environment variable vs. agent settings) and avoid placing production/long-lived keys in broadly readable config files.
- Inspect network calls: the scripts send the key in Authorization headers to a third-party server and include tracking headers. If you’re concerned about telemetry or exfiltration, run the scripts in an isolated environment or capture network traffic to confirm behavior.
- Least privilege and rotation: provision an API key with minimal privileges and rate limits where possible. If the key is ever exposed, rotate it immediately.
- Confirm provenance: the skill's source is 'unknown' and homepage is missing. Prefer skills with a verifiable repository and published owner. If you proceed, try the validate-query.sh script with a throwaway key or in a sandbox first.
- If anything looks suspicious (unexpected host, undocumented telemetry, or unclear ownership), do not supply your production API key and prefer alternatives with clear provenance.
Functional analysis
Type: OpenClaw Skill
Name: nimble-web-search
Version: 0.1.0
The skill is a wrapper for the Nimble Search API. It requires a user-provided API key (`NIMBLE_API_KEY`) which it sends to the hardcoded `https://nimble-retriever.webit.live/search` endpoint via `curl` in `scripts/search.sh` and `scripts/validate-query.sh`. This behavior is explicitly documented and aligned with the skill's stated purpose. The `SKILL.md` contains directives to the agent to ensure proper configuration and usage of the skill, which are not malicious prompt injection attempts. No evidence of data exfiltration beyond the necessary API key for the service, malicious execution, persistence, or obfuscation was found. The use of `curl` is integral to the skill's function and not indicative of malicious intent in this context.