← 返回 Skills 市场
481
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install searxng-docker
功能描述
Search the web using a local SearXNG instance (privacy-respecting metasearch engine). Use when user asks to search, look something up, "搜索", "搜一下", "查一下", or...
安全使用建议
This skill appears to do what it says: run a local SearXNG container and query it with a simple Python client. Before installing, ensure you have Docker/Docker Compose and review the Docker image (searxng/searxng:latest) if you want to limit supply-chain risk—consider pinning to a specific release tag. Change the placeholder secret (SKILL.md shows an openssl-based sed command) and verify the settings.yml you bind into the container. The service is bound to localhost by default (127.0.0.1:8888) which limits remote exposure; if you change networking, be mindful of who can reach the port. Finally, the included Python script only issues local HTTP requests and prints results; no credentials are requested or exfiltrated.
功能分析
Type: OpenClaw Skill
Name: searxng-docker
Version: 1.0.0
The `scripts/searxng_search.py` script allows specifying an arbitrary `--base-url` for the SearXNG instance without validation. This creates a Server-Side Request Forgery (SSRF) vulnerability if an AI agent can be prompted to execute the script with a malicious or internal URL, potentially allowing it to access internal network resources or other services on the host machine. While the skill's stated purpose is to use a local instance, the lack of validation for this argument makes it a significant security flaw. No other clear indicators of intentional malice (e.g., data exfiltration, persistence, obfuscation, or direct prompt injection for harmful actions) were found.
能力评估
Purpose & Capability
Name/description, docker compose, settings.yml, and the Python client all align: the skill is for running and querying a self-hosted SearXNG instance. Nothing in the repo asks for unrelated services or credentials.
Instruction Scope
SKILL.md instructs only to run Docker Compose, edit the local settings, generate a local secret, and call the local HTTP JSON API. The runtime instructions do not read or transmit unrelated system files or environment variables.
Install Mechanism
There is no installer; the skill is instruction-only but uses a Docker image: searxng/searxng:latest (pulled from Docker Hub). Pulling 'latest' is standard but has supply-chain implications—pinning to a release tag would be safer.
Credentials
No required environment variables, credentials, or external secrets are requested. The only environment shown is the container's SEARXNG_BASE_URL set to a localhost URL—appropriate for the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated agent privileges. Running docker compose will create a local container (expected for a self-hosted service); the compose file drops most capabilities and only adds minimal ones.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install searxng-docker - 安装完成后,直接呼叫该 Skill 的名称或使用
/searxng-docker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: self-hosted SearXNG search with Docker Compose setup and Python search script
元数据
常见问题
SearXNG Docker 是什么?
Search the web using a local SearXNG instance (privacy-respecting metasearch engine). Use when user asks to search, look something up, "搜索", "搜一下", "查一下", or... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 481 次。
如何安装 SearXNG Docker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install searxng-docker」即可一键安装,无需额外配置。
SearXNG Docker 是免费的吗?
是的,SearXNG Docker 完全免费(开源免费),可自由下载、安装和使用。
SearXNG Docker 支持哪些平台?
SearXNG Docker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SearXNG Docker?
由 triwinds(@triwinds)开发并维护,当前版本 v1.0.0。
推荐 Skills