← 返回 Skills 市场

Smart Search

Name: Smart Search
Author: lee920311

作者 Lee920311 · GitHub ↗ · v4.1.0 · MIT-0

cross-platform ⚠ suspicious

593

总下载

当前安装

版本数

在 OpenClaw 中安装

/install smart-search

功能描述

免费无限搜索！Exa MCP（主力·零配置）+ SearX（隐私）+ Tavily（AI 摘要），面向大众，无需 API Key。

安全使用建议

What to check before installing/running Smart Search: - Metadata mismatch: SKILL.md mentions SEARXNG_URL and TAVILY_API_KEY while registry metadata says no env vars; confirm whether you must set any env vars for your use-case (Tavily is optional; Exa MCP requires no key). - Review ~/.openclaw/.env before running: search.sh 'sources' that file and, as a fallback, exports every key=value it contains. Only put the variables you intend (TAVILY_API_KEY, SEARXNG_URL) there — do not store unrelated secrets (AWS keys, SSH keys) in that .env. - Network/privacy: the skill will send your query text to external services (https://mcp.exa.ai and optionally https://api.tavily.com). Do not use it to search sensitive personal, corporate, or secret information unless you have a trusted local SearX instance and force queries there. - Inspect scripts yourself (search.sh, deploy-searx.sh, publish.sh). They are short and readable; if you are uncomfortable running them, run them in an isolated environment or container first. - If you need strong privacy guarantees, deploy the provided local SearX and set SEARXNG_URL to the localhost instance before using the skill. If you want, I can: - Point out the exact lines in search.sh that read .env and call remote endpoints - Summarize network calls that will occur for a given query - Suggest a safe sequence of commands to run the skill in a sandboxed/containerized environment

功能分析

Type: OpenClaw Skill Name: smart-search Version: 4.1.0 The 'smart-search' skill is a search aggregator that intelligently routes user queries between Exa MCP, a local SearX instance, and Tavily based on the search intent (e.g., technical, privacy-sensitive, or AI-assisted research). The core logic in `search.sh` uses standard `curl` commands to interact with official API endpoints and `python3` for JSON parsing, while `deploy-searx.sh` provides a legitimate utility for local Docker-based deployment of SearX. No evidence of data exfiltration, unauthorized credential access, or malicious command execution was found; the extensive security documentation provided (`SECURITY.md`, `VETTING.md`) accurately reflects the transparent and functional nature of the code.

能力评估

ℹ Purpose & Capability

The code and scripts match the stated purpose (routing queries to Exa MCP, local SearX, and Tavily). Required binaries (curl, python3) and optional docker for SearX are reasonable for a search/aggregation skill. However the skill documentation and metadata are inconsistent: the top-level registry metadata lists no required env vars, SKILL.md's metadata lists SEARXNG_URL and TAVILY_API_KEY as required, and _meta.json marks them optional. The 'zero-config / no API key required' claim is true for Exa MCP but Tavily integration still needs a key if you want AI summaries — the messaging around 'zero-config' vs optional features is confusing and should be clarified.

ℹ Instruction Scope

Runtime instructions and scripts (search.sh, deploy-searx.sh) are narrowly scoped to building/using search results: they read ~/.openclaw/.env, call remote search endpoints, optionally deploy a local SearX instance via Docker, and output to terminal. There is no evidence the scripts read unrelated system paths (e.g., ~/.ssh, ~/.aws). Caveat: search.sh contains a fallback that exports all key=value pairs from ~/.openclaw/.env (export $(cat ~/.openclaw/.env | ... | xargs)), which will indiscriminately export any variables present in that file — review that file before running. Also note that networked queries are sent to third-party services (https://mcp.exa.ai and https://api.tavily.com) so search terms (which may include sensitive info) will be transmitted unless you force SearX/local mode.

✓ Install Mechanism

No install spec is provided (instruction-only install), which minimizes automatic disk writes. Code files are bundled and intended to be executed by the user/agent; deploy-searx.sh uses a public Docker image (searx/searx) and writes a local settings.yml in the skill directory. No downloads from obscure hosts or URL shorteners are used by the scripts themselves, though documentation contains an optional curl example to a public GitHub raw URL. Overall install mechanism is conventional but executing bundled scripts still carries normal code-execution risk.

⚠ Credentials

Requested credentials are limited to an optional TAVILY_API_KEY (for Tavily summaries) and an optional SEARXNG_URL (for a local SearX). That is appropriate for the stated integrations. However metadata inconsistencies (some files claim no required env, SKILL.md lists them as required, _meta.json marks them optional) create confusion. The skill's behavior of sourcing ~/.openclaw/.env (and falling back to exporting every KEY=VALUE line) means any secrets you place in that file will be available to the script environment; the author asserts keys are not uploaded, and Tavily calls use the key only in the Authorization header, but you should ensure you only store the intended variables in that .env file.

✓ Persistence & Privilege

The skill does not request 'always' privilege and does not modify other skills or system-wide configurations. deploy-searx.sh writes config under the skill directory and runs a Docker container (normal behavior for an optional local service). Nothing indicates the skill tries to gain persistent elevated privileges or to change other skills' settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install smart-search
安装完成后，直接呼叫该 Skill 的名称或使用 /smart-search 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v4.1.0

v4.1.0: SearX 1.1.0 + Tavily 双引擎架构，智能场景识别，一键部署

v4.0.1

v4.0.1: 安全优化 - 添加完整权限声明、安全白皮书、外部端点验证说明

v4.0.0

v4.0: Exa MCP 免费无限搜索，零配置，7 大类隐私保护关键词

v3.0.4

v3.0.4: Fixed English description. Set readme to SKILL.en.md for international users.

v3.0.3

v3.0.3: Fixed readme configuration for bilingual support. Added readme_en field for English documentation.

v3.0.2

v3.0.2: Security audit passed. Removed all placeholder keys. No hardcoded secrets. Safe for distribution. Triggering rescan.

v3.0.1

v3.0.1: Security audit passed. Removed all placeholder keys. No hardcoded secrets. Safe for distribution.

v3.0.0

v3.0.0: Added English support for global users. Bilingual documentation (EN/ZH). SearX 1.1.0 + Tavily dual-engine architecture.

v2.0.2

v2.0.2: 移除备用 Key 逻辑，简化配置，开箱即用

v2.0.1

v2.0.1: 修复环境变量加载问题，Tavily 检测逻辑优化

v2.0.0

v2.0.0: SearX 1.1.0 + Tavily 双引擎架构，智能场景识别，一键部署

v1.0.1

Security fix: removed cross-skill dependencies, now uses pure curl for Tavily API calls. Fixed environment variable loading to only read required variables instead of entire .env file.

v1.0.0

- Initial release of smart-search skill. - Automatically chooses between SearXNG and Tavily based on query type. - Implements a fallback: switches to Tavily if SearXNG is unstable. - Supports user-specified engine selection. - Designed to optimize both search quality and token usage for Chinese web queries.

元数据

Slug smart-search

版本 4.1.0

许可证 MIT-0

累计安装 15

当前安装数 15

历史版本数 13

常见问题

Smart Search 是什么？

免费无限搜索！Exa MCP（主力·零配置）+ SearX（隐私）+ Tavily（AI 摘要），面向大众，无需 API Key。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 593 次。

如何安装 Smart Search？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install smart-search」即可一键安装，无需额外配置。

Smart Search 是免费的吗？

是的，Smart Search 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Smart Search 支持哪些平台？

Smart Search 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Smart Search？

由 Lee920311（@lee920311）开发并维护，当前版本 v4.1.0。