← 返回 Skills 市场
110
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install power-search
功能描述
Self-hosted research tool combining Brave Search API + Browserless content fetching. Search the web with optional full-page content extraction and HTML parsing.
安全使用建议
This skill appears to implement the advertised Brave Search + Browserless fetcher, but check a few things before installing:
- Expect to set BRAVE_API_KEY in your environment; the registry metadata omitted this. Do not proceed without providing the key deliberately.
- Prefer running Browserless locally (as the docs recommend). If you set BROWSERLESS_HOST to a remote service, that remote host will receive the HTML content of pages the skill fetches — treat that as sensitive.
- The package includes a placeholder git clone URL and no homepage/source; verify the canonical source (repository URL) and authenticity before trusting the package.
- Review the included scripts (brave-search.js, browserless.js, telegram-handler.js) yourself to confirm they match your expectations; the code is plain JS and relatively small to audit.
- If you plan to expose this as a Telegram-commandable skill to others, be aware it will fetch arbitrary URLs discovered from search results — consider rate-limiting, content sanitization, and restricting which sites can be fetched to reduce misuse or accidental access to internal resources.
Given the mismatches and the ability to fetch arbitrary pages, treat this as suspicious until you confirm the source and configure Browserless/keys securely.
功能分析
Type: OpenClaw Skill
Name: power-search
Version: 2.1.2
The power-search skill is a legitimate web research tool that integrates the Brave Search API with a Browserless instance for content extraction. The codebase is transparent, well-documented, and follows security best practices by utilizing environment variables for sensitive API keys. Analysis of the JavaScript files (scripts/brave-search.js, scripts/browserless.js, etc.) reveals no evidence of data exfiltration, malicious execution, or hidden prompt injection; the tool's behavior is strictly aligned with its stated purpose of searching and parsing web content.
能力评估
Purpose & Capability
The code, SKILL.md, and package manifest implement a CLI + Telegram handler that calls Brave Search and a Browserless instance — this matches the description. However the registry metadata claims no required env vars/binaries while SKILL.md and the runtime code require Docker, Node, npm and a BRAVE_API_KEY. That mismatch (required secret/runtime dependency omitted from registry) is an incoherence that could mislead users about what credentials/install steps are needed.
Instruction Scope
SKILL.md describes installing Docker/Browserless, setting BRAVE_API_KEY, and using the 'search' CLI or Telegram integration — and the code follows those instructions. The handler and runners fetch external URLs and POST to the configured Browserless host. The instructions assume a local Browserless, but nothing in the code prevents BROWSERLESS_HOST being set to a remote host, which would redirect fetches to an external endpoint. Also SKILL.md references a placeholder GitHub clone URL ('yourusername'), while the skill's Source/Homepage are unknown — that's an inconsistency in distribution instructions.
Install Mechanism
The skill is listed as instruction-only (no install spec) but the bundle includes code files and a package.json (with a 'search' binary). Installation guidance relies on clawhub or git+npm install and running Docker for Browserless. There is no remote binary download or obfuscated installer — lower install risk — but the missing canonical source/homepage and placeholder git URL reduce transparency.
Credentials
The runtime code requires a sensitive environment variable BRAVE_API_KEY (and optionally BROWSERLESS_HOST/PORT). The skill registry metadata did not declare any required env vars, creating an omission. The Telegram integration does not request Telegram credentials (which is fine if the platform routes messages), but the BRAVE_API_KEY is essential and sensitive and should have been declared. Additionally, because Browserless will fetch arbitrary URLs, if BROWSERLESS_HOST is set to a remote/attacker-controlled host it could be used to relay or exfiltrate fetched content — the documentation suggests local Browserless but the code allows any host.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It is user-invocable and can be invoked autonomously by the agent (default), which is normal. The code does not attempt to modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install power-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/power-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.2
Add SECURITY.md addressing VirusTotal false positives and transparency documentation
v2.1.1
Add .env.example and .gitignore to prevent accidental credential commits
v2.1.0
Security fix: removed hardcoded API key. Requires BRAVE_API_KEY environment variable.
v2.0.1
Remove hardcoded API keys - require environment variables for security
v2.0.0
Self-hosted Brave Search + Browserless integration with Telegram support
元数据
常见问题
Power Search 是什么?
Self-hosted research tool combining Brave Search API + Browserless content fetching. Search the web with optional full-page content extraction and HTML parsing. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 Power Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install power-search」即可一键安装,无需额外配置。
Power Search 是免费的吗?
是的,Power Search 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Power Search 支持哪些平台?
Power Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Power Search?
由 Church(@churchtg7)开发并维护,当前版本 v2.1.2。
推荐 Skills