← 返回 Skills 市场
Openclaw Search Pro
作者
williamwg2025
· GitHub ↗
· v0.1.6
· MIT-0
1131
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install openclaw-search-pro
功能描述
OpenClaw 搜索增强工具 - 多引擎聚合搜索,获取最新信息。 支持免费搜索引擎(必应/搜狗/360)+ 可选 API(Tavily/百度/Google)。 内容提取、结果去重、智能排序。安全内网访问检查。 关键词:openclaw, search, web, research, productivity,...
安全使用建议
What to check before installing:
- Inspect the actual scripts (scripts/multi-search.* and scripts/extract.*) before running. Confirm where HTTP requests are sent and that no unrecognized third‑party endpoints are called.
- Verify extract.py/js SSRF protections by reading the code that does IP/DNS checks; do not assume the comments are correct. Look for DNS resolution + address comparison logic and ensure it uses safe libraries and fails closed.
- Search the codebase for hardcoded remote endpoints, webhooks, or short URLs. If found, verify their purpose and ownership.
- The package includes a large vendor tree (node_modules) and a venv. That increases audit surface—prefer running in an isolated sandbox/container or ephemeral VM the first time.
- The SKILL.md contained suspicious patterns (base64/unicode control chars). Open the SKILL.md in a plain text editor and remove any hidden characters; confirm there are no hidden instructions or encoded payloads.
- Do not paste API keys into files until you confirm the storage path and behavior; prefer environment variables as advised (export TAVILY_API_KEY=...) and set file permissions (chmod 600) if storing locally.
- If you rely on this skill for sensitive environments, run it in a network‑restricted sandbox and monitor outbound traffic the first time it runs.
Why this is 'suspicious' not 'malicious': The code and dependencies align with the stated search/extraction purpose, and no obvious exfiltration code or download URLs were found in the manifest excerpt. However, contradictory documentation, vendor artifacts, and prompt‑injection patterns in the SKILL.md create ambiguity that requires human review before trusting the package or any secrets.
功能分析
Type: OpenClaw Skill
Name: openclaw-search-pro
Version: 0.1.6
The skill bundle contains a significant discrepancy between its documentation and its actual contents. While SKILL.md describes a Python-based search tool and lists several Python scripts (e.g., multi-search.py, extract.py), these files are entirely missing from the bundle. Instead, the bundle is populated with a large Node.js node_modules directory containing libraries like axios and cheerio. While these libraries appear to be legitimate versions, their inclusion in a skill documented as Python-only is highly irregular and constitutes unnecessary bloat or a potential vector for unvetted execution. The meta.json also contains a future-dated timestamp (2026).
能力评估
Purpose & Capability
The code and dependencies (axios/undici, cheerio, scripts for multi‑search and extract) are consistent with a web search/HTML extraction tool. However the metadata and docs contain contradictory claims: SKILL.md/README say “no install spec / install included scripts only / OpenClaw provides Node.js so no Python needed” while the bundle contains both a large node_modules tree, package.json, package-lock, Python scripts, and a venv folder. The package.json declares Node engine constraints (>=20.18.1) not asserted in SKILL.md. The mixture of Node and Python artifacts and contradictory README lines (e.g., English README claiming “Scripts run locally - No network calls (unless specified)” vs. the SKILL.md explicitly requiring outbound HTTPS) is inconsistent and should be clarified.
Instruction Scope
SKILL.md tells the agent to run included scripts and claims no file writes and explicit SSRF checks in extract.py. The package does include extract scripts, but the pre-scan detected prompt‑injection patterns (base64 block and unicode control chars) inside SKILL.md which could indicate an attempt to influence evaluators or instructions. Also some documentation statements contradict network/file behavior (English README downplays network calls). The instructions do not list any explicit exfil endpoints, but because the scripts perform web requests and the bundle includes both Node and Python implementations, you should inspect scripts/multi-search.* and scripts/extract.* to confirm the claimed SSRF protections and ensure no unexpected file reads/writes or outbound requests to unknown endpoints occur.
Install Mechanism
The skill is marked as instruction‑only (no install spec), yet the bundle includes a full node_modules tree and a venv. There are no download URLs or installer steps beyond 'npm install' suggested in README. Having dependencies vendored in the package reduces network install risk but increases surface area to audit (many third‑party packages included). No remote binary downloads or short/obfuscated URLs were found in the provided manifest.
Credentials
The skill does not require any declared environment variables; optional API keys (TAVILY, Baidu, Bing, Google) are supported and described. That is proportional to a multi‑engine search tool. The README recommends storing API keys locally or via environment variables — good practice. There are no unrelated secrets requested.
Persistence & Privilege
The skill does not request 'always: true' and uses default autonomous invocation settings. It declares local config path (~/.openclaw/workspace/skills/search-pro/config/search-config.json) for optional API keys. There is no evidence it modifies other skills or system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-search-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-search-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.6
**Summary: Initial npm dependencies added to support new functionality.**
- Integrated external npm libraries (`node_modules/`), including axios and asynckit.
- Added 1145 new files for package dependencies and supporting modules.
- Updated Python search/extract scripts and documentation (README.md).
- Enhanced or prepared for enhanced search and extraction capabilities using new libraries.
- No breaking changes to usage or command interface.
v0.1.5
**Changelog for openclaw-search-pro v0.1.5**
- Added an English-language README file (README_EN.md) for broader accessibility.
- Updated SKILL metadata and tags to clarify supported search engines and improve discoverability.
- Improved README and documentation structure and wording.
- No functional changes to core scripts; updates are documentation and metadata focused.
v0.1.4
- Enhanced security checks in scripts/extract.py to block internal IPs, hostnames, and suspicious domains.
- Updated documentation: API key configuration is now unified in config/search-config.json (api-keys.json removed).
- README and SKILL.md updated with stricter safety policies and clearer API key setup instructions.
- No changes to command usage or major features.
v0.1.3
- Improved documentation: clarified file access paths and updated usage/security instructions in SKILL.md and README.md.
- Added explicit note that search history is not saved automatically in this version.
- Updated script table to indicate file write operations are not performed.
- Enhanced security section: emphasized local-only file storage, no local file reads by extract.py, and added checks to prevent intranet access.
- Version incremented to 1.0.2 in documentation.
v0.1.2
Version 0.1.2
- Updated SKILL.md: clarified that network access is required, listed scripts and their network permissions, and added detailed security and API key instructions.
- Revised feature list: content extraction now limits to URL content, and multi-engine options are updated to reflect free/public sources.
- Updated README and script references for consistency with the above changes.
v0.1.1
Search Pro 0.1.1 introduces enhanced documentation, new scripts, and security notes:
- Added detailed API and usage guides (README.md, BAIDU-API-GUIDE.md).
- Introduced multiple new scripts: baidu_search.py, custom_search.py, extract.py, fallback_search.py, free_search.py, and multi-search.py for various search and extraction tasks.
- Provided a default configuration file (search-config.json).
- Updated SKILL.md with security explanations, clarified installation paths, and included license/author/version information.
- All core scripts now structured to run locally and securely without external dependencies.
v0.1.0
Initial release of Search Pro – a powerful tool for enhanced multi-engine search and content extraction.
- Supports aggregate search across Tavily, Bing, and Google.
- Extracts content from URLs, PDFs, and documents.
- Features intelligent deduplication and result sorting.
- Includes search history and favorites functionality.
- Provides search quality analysis.
元数据
常见问题
Openclaw Search Pro 是什么?
OpenClaw 搜索增强工具 - 多引擎聚合搜索,获取最新信息。 支持免费搜索引擎(必应/搜狗/360)+ 可选 API(Tavily/百度/Google)。 内容提取、结果去重、智能排序。安全内网访问检查。 关键词:openclaw, search, web, research, productivity,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1131 次。
如何安装 Openclaw Search Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-search-pro」即可一键安装,无需额外配置。
Openclaw Search Pro 是免费的吗?
是的,Openclaw Search Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Search Pro 支持哪些平台?
Openclaw Search Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Search Pro?
由 williamwg2025(@williamwg2025)开发并维护,当前版本 v0.1.6。
推荐 Skills