← 返回 Skills 市场
309
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install search-viewer
功能描述
整合Fofa、Hunter、Shodan等空间测绘平台API,辅助渗透测试信息收集和资产发现的工具。
安全使用建议
This tool appears to be what it says (an OSINT GUI aggregator) but has several practical and security issues you should consider before installing:
- Verify the source repository and review the code (Search_Viewer.py and iconhash.py) yourself or with a trusted reviewer; the package owner is not clearly established here.
- The SKILL.md and _meta.json understate dependencies. Before running, inspect imports and install required libraries (shodan, mmh3, configobj, jsonpath, etc.), or run in a disposable environment (VM or container).
- API keys are stored in a local config.ini in plaintext. Do not use production/privileged credentials. Use throwaway or scoped API keys where possible and restrict file permissions (chmod 600). Rotate keys after use.
- The iconhash feature issues HTTP GET requests to user-supplied URLs. That can be abused to probe internal network services (SSRF-like behavior). Only query URLs you trust and consider running the app on an isolated network.
- If you plan to use this for sanctioned testing, ensure you have authorization for targets and comply with legal/regulatory requirements.
If you want to proceed: run the app in an isolated VM, confirm and install all actual Python dependencies found in the code, inspect network calls in the source, and avoid entering sensitive credentials until you are comfortable with the code.
功能分析
Type: OpenClaw Skill
Name: search-viewer
Version: 4.3.0
The skill bundle is a graphical OSINT (Open Source Intelligence) aggregator tool designed to query various network mapping platforms such as Fofa, Shodan, and Hunter. Analysis of the primary logic in Search_Viewer.py and iconhash.py confirms that the code performs legitimate API requests to these services and manages configuration data locally in a config.ini file. No evidence of data exfiltration, backdoors, or malicious prompt injection was found; the tool's behavior is consistent with its stated purpose as a reconnaissance utility for security professionals.
能力评估
Purpose & Capability
The code implements a desktop GUI aggregator for Fofa/Hunter/Shodan/Quake/Zoomeye (consistent with the description). However the metadata and SKILL.md list only pyside2 and requests while the code imports additional libraries (shodan, mmh3, configobj, jsonpath, configparser, etc.). This mismatch indicates the provided instructions and metadata are incomplete or out-of-sync with the actual code.
Instruction Scope
Runtime instructions tell the user to clone and run the app and to install only pyside2 and requests. The application reads and writes a local config.ini to store API keys (no encryption) and provides UI features that fetch arbitrary URLs (iconhash uses requests.get on user input). Storing API keys in plaintext and fetching arbitrary URLs (which can reach internal resources) are security-sensitive behaviors that the SKILL.md does not adequately warn about.
Install Mechanism
There is no automated install spec (lower platform install risk), but the SKILL.md's pip install line is incomplete relative to the code's imports. Users following the instructions will likely encounter missing-dependency errors or install the wrong set of packages.
Credentials
The skill does not request environment variables or external credentials in the metadata (appropriate). It does, however, require users to supply multiple third-party API keys via the GUI which are stored locally in config.ini in plaintext—this is functionally expected but worth noting because those keys grant network access and should be protected.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration or other skills' credentials. It runs as a local application and keeps configuration in a local file; it does not appear to claim elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install search-viewer - 安装完成后,直接呼叫该 Skill 的名称或使用
/search-viewer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.3.0
- Initial public release: Search Viewer v4.3.0
- Aggregates multiple cyberspace reconnaissance platforms (Fofa, Hunter, Shodan, 360 Quake, Zoomeye)
- Supports asset discovery, port/service enumeration, subdomain collection, and fingerprint identification
- CLI usage guide, API key configuration, and query syntax examples included
- Emphasizes lawful, ethical use and outlines compliance considerations
元数据
常见问题
Search Viewer 是什么?
整合Fofa、Hunter、Shodan等空间测绘平台API,辅助渗透测试信息收集和资产发现的工具。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 309 次。
如何安装 Search Viewer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install search-viewer」即可一键安装,无需额外配置。
Search Viewer 是免费的吗?
是的,Search Viewer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Search Viewer 支持哪些平台?
Search Viewer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Search Viewer?
由 Anonymous(@adminlove520)开发并维护,当前版本 v4.3.0。
推荐 Skills