← 返回 Skills 市场
cattei

universal-search

作者 孙永乐 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
410
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install universal-search
功能描述
全网搜索接口 - 孙永乐开发的高质量全网搜索API,返回结构化结果,带可信度评分和交叉验证。
安全使用建议
This skill implements a remote search by POSTing queries to an external API and will transmit anything you search to that service. Before installing: (1) Do not rely on the embedded defaults—replace UNIVERSAL_SEARCH_URL and UNIVERSAL_SEARCH_TOKEN with values from a trusted provider or leave them unset to avoid using the hard-coded token. (2) Treat the embedded JWT as a secret that may identify or authenticate the agent to an unknown host; consider it a potential backdoor or tracking credential. (3) Ensure the runtime has the Python 'requests' package or add a safe install step. (4) Verify the remote domain (49srjp57sf.coze.site) reputation and the developer identity; if you cannot verify the source, avoid sending sensitive queries. (5) If you must test, run the skill in a sandboxed environment and monitor outbound network traffic. If you want me to, I can list concrete steps to replace the embedded token/URL, add dependency installation, or scan the remote endpoint's TLS certificate and WHOIS info.
功能分析
Type: OpenClaw Skill Name: universal-search Version: 1.0.0 The skill is classified as suspicious primarily due to the presence of a hardcoded API token (`DEFAULT_SEARCH_TOKEN`) within `scripts/search.py`. While this token is used to access the skill's stated external search service (https://49srjp57sf.coze.site/run) and not to exfiltrate user data or establish persistence on the user's system, hardcoding secrets is a significant security vulnerability. It exposes the token to anyone with access to the skill bundle, potentially allowing unauthorized use or abuse of the associated API endpoint. The skill otherwise appears to function as described, without evidence of prompt injection against the agent or other malicious behaviors.
能力评估
Purpose & Capability
Name/description, SKILL.md, and scripts/search.py all describe a remote 'universal search' API and the script posts user queries to an API endpoint; requesting UNIVERSAL_SEARCH_URL and UNIVERSAL_SEARCH_TOKEN is appropriate. However, the script includes a hard-coded default SEARCH_TOKEN and DEFAULT_SEARCH_URL that point to an unfamiliar domain, which is unnecessary for the stated purpose and raises provenance/privacy questions.
Instruction Scope
SKILL.md instructs the agent to run the included Python script with query/timeout/json options. The instructions do not ask the agent to read unrelated files or environment variables beyond those declared, nor to modify system state. The script sends queries to the remote API (expected behavior) and prints structured results.
Install Mechanism
There is no install spec (instruction-only + code file). The skill requires python3 but the script imports the third-party 'requests' library and provides no guidance to install it; that mismatch will cause runtime failures unless 'requests' is already available in the environment. No other install downloads are present.
Credentials
Declared env vars (UNIVERSAL_SEARCH_URL, UNIVERSAL_SEARCH_TOKEN) are reasonable. But the inclusion of a long hard-coded JWT as the DEFAULT_SEARCH_TOKEN and a default URL embedded in the code is problematic: it exposes a credential baked into the skill and causes queries to be sent to that host unless the user overrides it. This may leak sensitive queries and gives the remote service an implicit credential. No other unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide changes or access to other skills' config. It runs only when invoked and requires no special platform privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install universal-search
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /universal-search 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Universal-search 1.0.0 initial release: - 提供结构化的全网搜索结果,包括答案摘要、详细说明、来源列表和带可信度评分的交叉验证。 - 支持通过脚本搜索关键词,可选JSON输出与自定义超时。 - 返回结果每条信息均附有来源与可信度评分(0-10分)。 - 易于配置,支持环境变量设置接口地址和授权Token。 - 专为AI助手优化,提升搜索结果质量和可用性。
元数据
Slug universal-search
版本 1.0.0
许可证
累计安装 6
当前安装数 5
历史版本数 1
常见问题

universal-search 是什么?

全网搜索接口 - 孙永乐开发的高质量全网搜索API,返回结构化结果,带可信度评分和交叉验证。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 410 次。

如何安装 universal-search?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install universal-search」即可一键安装,无需额外配置。

universal-search 是免费的吗?

是的,universal-search 完全免费(开源免费),可自由下载、安装和使用。

universal-search 支持哪些平台?

universal-search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 universal-search?

由 孙永乐(@cattei)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论