WebSearch
Author: netobasilio · GitHub · v1.0.0
- Total downloads: 1885
- Favorites: 0
- Current installs: 21
- Versions: 1
Install in OpenClaw
/install websearch
Description
Performs a web search using a local SearXNG instance and returns raw search results for the given query.
Safe-use recommendations
This skill is coherent with its description, but it relies on the presence and behavior of /usr/local/bin/websearch and on a reachable SearXNG instance. Before installing or using it:
1. Verify the binary's provenance (owner, checksum, and source) and inspect it if possible.
2. Run the binary manually with test queries to confirm expected behavior.
3. Ensure the SearXNG instance is one you control (queries may be logged or forwarded).
4. Confirm the OpenClaw sandbox and host network policies limit what that binary can do (to reduce exfiltration risk).
5. Consider wrapping or replacing the binary with a small vetted script that enforces input validation and restricts network/file access if you need stronger guarantees.
Functional analysis
Type: OpenClaw Skill
Name: websearch
Version: 1.0.0
The skill is classified as suspicious due to a potential shell injection vulnerability in `skill.yaml`. The user-provided `query` input is directly interpolated into the `args` array for the `/usr/local/bin/websearch` command without apparent sanitization or escaping. This could allow an attacker to inject arbitrary shell commands if the `websearch` executable or the underlying execution environment processes the argument string as a shell command, leading to Remote Code Execution (RCE).
Capability assessment
Purpose & Capability
The name/description state the skill will call a local websearch helper for SearXNG and the skill.yaml plus SKILL.md require and call /usr/local/bin/websearch. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions strictly describe invoking the local websearch command with the query and returning raw results. This stays within scope, but the runtime executes an external binary under the host account: that binary (or the SearXNG instance it talks to) could access network, read files, or log/forward queries. The SKILL.md does not mandate input sanitization or additional checks.
Install Mechanism
No install spec is present (instruction-only), so nothing is written to disk by the skill itself. This minimizes installer risk. The only runtime action is invoking an existing local binary.
Credentials
The skill requests no environment variables, credentials, or config paths—appropriate for a wrapper that calls a local helper. There are no disproportionate secret requests. Note: network access to the SearXNG instance is necessary at runtime but is not requested via env vars.
Persistence & Privilege
`always` is false and the skill is user-invocable. It does not request persistent presence or modification of other skills or system-wide settings.
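How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install websearch
- Once installed, call the Skill by name or use /websearch to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output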
Version history
v1.0.0
Initial release.
Provides web search via a local SearXNG instance.
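FAQ
What is WebSearch?
Performs a web search using a local SearXNG instance and returns raw search results for the given query. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1885 cumulative downloads so far.
How do I install WebSearch?
Run the command "/install websearch" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is WebSearch free?
Yes, WebSearch is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does WebSearch support?
WebSearch is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed WebSearch?
It is developed and maintained by netobasilio (@netobasilio); the current version is v1.0.0.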