Total downloads: 602
Favorites: 1
Current installs: 8
Versions: 3
Install in OpenClaw
/install union-search-skill
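Description
Use this skill when the user needs to search for content across multiple platforms, including GitHub (repositories, code, issues), Reddit (posts, subreddits, users), Xiaohongshu, Douyin, Bilibili, YouTube, Twitter, WeChat (official account articles), Google, Tavily, Metaso, Volcengine, and general-purpose search engines (DuckDuckGo, Brave, Yahoo, ...
Safe-use recommendations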
What to consider before installing or running this skill:
- Metadata and reality mismatch: the registry claims no env requirements and 'instruction-only', but the package contains many scripts and the ENV_TEMPLATE lists many sensitive API keys and cookies. Treat the skill as one that will try to access .env and call many external services.
- Do not run it in a production environment or with real credentials present. If you want to try it, run inside an isolated sandbox/container or VM and use throwaway API keys or minimal-permission keys.
- Inspect high-risk files first: ENV_TEMPLATE, SKILL.md, scripts/reddit/agents.py (very large), any '*.js' in dist/ (minified/compiled JS), and downloader modules (yt-dlp usage). Look for code that transmits data to unknown endpoints beyond the documented search APIs.
- Remove or sanitize .env before running, or create a .env with only the specific keys you intend to test. SKILL.md itself recommends against pasting full raw JSON API responses into external chat sessions; even so, be careful with saved responses, which may contain tokens/cookies.
- The SKILL.md contains detected obfuscation patterns (base64, unicode control chars). Manually open SKILL.md and the bundled JS files in a safe environment and search for any encoded or hidden strings and for hardcoded endpoints.
- Prefer obtaining the project from the upstream GitHub repo referenced in README and verify commit history and authorship; check if the registry copy is complete or truncated (README warns about size limits). If you must use the registry copy, expect missing files and audit what is present.
- If you lack the ability to review code, avoid installing this skill or only use it through a trusted intermediary service that can sandbox and review network traffic. Consider limiting network egress or using a proxy that logs and inspects outbound calls.
If you want, I can: (1) summarize which exact files reference which environment variables, (2) search the bundle for suspicious network endpoints or hardcoded credentials, or (3) extract and highlight the largest/minified files that need manual review.
Functional analysis
Type: OpenClaw Skill
Name: union-search-skill
Version: 1.2.0
The skill bundle is a comprehensive multi-platform search and media download aggregator. It provides a unified CLI to interact with over 30 platforms, including social media (TikTok, Douyin, Bilibili), developer communities (GitHub, Reddit), and AI-driven search engines (Tavily, Metaso). The code uses subprocess execution for external tools like yt-dlp and a local Node.js content extractor (Defuddle), and it manages API keys via environment variables. While it includes a hardcoded SerpAPI key in 'scripts/bing/bing_serpapi_search.py' as a fallback, there is no evidence of intentional malicious behavior, data exfiltration, or unauthorized access to sensitive user data.
Capability assessment
Purpose & Capability
The skill name/description (multi‑platform search) matches the included code, but the registry metadata claimed 'Required env vars: none' while the project clearly expects many credentials (ENV_TEMPLATE lists GITHUB_TOKEN, GOOGLE_API_KEY, YOUTUBE_API_KEY, TIKHUB_TOKEN, SERPAPI keys, VOLCENGINE_API_KEY, etc.). That mismatch is incoherent: a search tool that needs many third‑party API keys should declare them. Also SKILL.md says 'instruction-only' in registry but the bundle contains 150+ Python files and bundled Node 'dist' artifacts — the install/runtime footprint is far larger than metadata indicates.
Instruction Scope
SKILL.md instructs the agent to create and read a .env, run many scripts, save raw responses, download bulk images/videos, and use cookies/proxies for downloads. Those instructions are within the stated search/archival purpose, but they grant broad discretion to access and persist potentially sensitive tokens, cookies, and large amounts of fetched content. The SKILL.md also includes guidance to save raw API responses and to use grep/jq on them — which could lead to storing sensitive data locally (cookies, auth responses).
Install Mechanism
There is no install spec (so the skill is 'instruction-only' in registry), yet the package includes large third‑party Node distribution files (defuddle-node/dist/*), many Python modules, and README warns about a >50MB size and recommends downloading from an external GitHub repo. The presence of compiled/minified JS artifacts increases review burden because they are large and harder to audit; lack of an explicit, trusted install source is a moderate concern.
Credentials
Metadata said no required env vars, but ENV_TEMPLATE and code reference many sensitive environment variables (API keys, cookies, multiple SERPAPI keys, YTDLP_COOKIES_FILE, WEIBO_COOKIE, ZHIHU_COOKIE, etc.). Requesting many unrelated credentials (multiple search providers + cookies) without declaring them is disproportionate and risky: if the agent is allowed to read environment variables or a .env file, it will have access to a broad set of secrets not reflected in metadata.
Persistence & Privilege
always:false (good), but the skill is allowed to be invoked autonomously (default). Combined with the other concerns (undisclosed credentials, code bundle that saves raw responses and downloads media), autonomous invocation increases blast radius: the skill could read a .env, call many external services, and persist responses/downloads. The bundle also includes large scripts like reddit/agents.py which deserve manual inspection for autonomous behavior.
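How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install union-search-skill
- Once installation finishes, call the Skill by name or trigger it with /union-search-skill
- Provide the required input according to the Skill's parameter description to get structured output
Version history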
v1.2.0
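- Added a WeChat (official account articles) search script (JS version) that searches WeChat official account articles without an API.
- Documentation and instructions updated to cover the WeChat platform, including usage examples and entry-point navigation.
- Project structure, feature description and command-line demos now include the wechat modules.
- No changes to other platforms or features.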
v1.1.0
- Initial release of union-search-skill.
- Added unified multi-platform search scripts covering 20+ platforms (GitHub, Reddit, 小红书, 抖音, Bilibili, YouTube, Google, Twitter, and more).
- Included image download tool supporting 18 platforms, with metadata retention.
- Provided comprehensive documentation for each platform and tool in the scripts/ and references/ directories.
- Added centralized credential and configuration management via .env files.
- Implemented result filtering, sorting, batch download, and structured output options (Markdown, JSON).
v0.1.0
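- First release of union-search-skill 0.1.0, providing "one-stop" multi-platform content search and image download.
- Supports 20+ content platforms and 18 image platforms, with a unified interface standard, structured output, and batch archiving and download.
- Rich search parameters, with support for filtering, sorting, and optionally saving raw responses.
- Modular design, with detailed documentation, best practices and troubleshooting guidance.
- Supports multiple configuration methods (parameters, environment variables, config files); some platforms require no API key.
- Complete project structure and quick-start guide, so users can efficiently manage and compare cross-platform search results.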
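FAQ
What is Union Search Skill?
Use this skill when the user needs to search for content across multiple platforms, including GitHub (repositories, code, issues), Reddit (posts, subreddits, users), Xiaohongshu, Douyin, Bilibili, YouTube, Twitter, WeChat (official account articles), Google, Tavily, Metaso, Volcengine, and general-purpose search engines (DuckDuckGo, Brave, Yahoo, ... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 602 total downloads to date.
How do I install Union Search Skill?
Run the command "/install union-search-skill" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Union Search Skill free?
Yes. Union Search Skill is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Union Search Skill support?
Union Search Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed Union Search Skill?
It is developed and maintained by ZiJiE.Z (@runningz1); the current version is v1.2.0.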