Web Search Plus

Name: web-search-plus
Author: robbyczgw-cla

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

The skill risks command injection and SSRF due to uns

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Web Search Plus: **Stop choosing search providers. Let the skill do it for you.**

Actually does

This skill executes Python scripts to perform web searches. It reads API keys from environment variables or a configuration file and uses them to make API calls to various search providers including Serper, Tavily, Querit, Exa, Kilo (for Perplexity), You.com, and a user-configured SearXNG instance. It automatically routes queries to the most suitable provider based on query analysis, and can fall back to other providers if one fails.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namerobbyczgw-cla/web-search-plus

Registryclawhub

Version2.9.2

PURLpkg:clawhub/robbyczgw-cla/web-search-plus@2.9.2

Stars94

Downloads19,550

Installs153

Source

Repository ↗

SHA-256f373cb312086...

SHA-132782b053092...

MD50eab9a2da9fc...

TLSHb1221babed11...

ssdeep192:uE+2d8Pf...

Size10,276 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/robbyczgw-cla/web-search-plus

19,550 downloads153 installs

ClawHubDocs

openclaw skills install robbyczgw-cla/web-search-plus

Assessments (2)

AI Agent Traps ↗

Command Execution via User-Controlled Inputhighcommand execution

The skill explicitly requires `python3` and `bash` and invokes Python scripts (`scripts/search.py`) with user-provided query strings (`-q`) and other parameters. If these scripts do not properly sanitize user input before constructing shell commands or API requests, it could lead to arbitrary command execution.

80% confidenceline 6

metadata: {"openclaw":{"requires":{"bins":["python3","bash"]...}}}, `python3 scripts/search.py -q "Tesla Model 3 price"`

Potential SSRF via Unprotected URL Parametersmediumssrf

The skill accepts user-provided URLs (e.g., `--similar-url` for the Exa provider). While SSRF protection is explicitly mentioned for the SearXNG instance URL, it is not stated for other providers or general URL handling, creating a potential SSRF vulnerability if not universally applied.

70% confidenceline 110

`python3 scripts/search.py -p exa --similar-url "https://stripe.com"`

Undisclosed Script Content for Core Functionalitylowdescription mismatch

The skill's core functionality relies on external Python scripts (`scripts/setup.py`, `scripts/search.py`) whose content is not provided for analysis. The security posture of the skill is highly dependent on the implementation details of these scripts, particularly regarding input sanitization and API key handling.

90% confidenceline 60

`python3 scripts/setup.py`, `python3 scripts/search.py -q "..."`

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/robbyczgw-cla/web-search-plus.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/robbyczgw-cla/web-search-plus)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/robbyczgw-cla/web-search-plus"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/robbyczgw-cla/web-search-plus.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/robbyczgw-cla/web-search-plus.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow