Is clockworksquirrel/searxng-local safe?

https://github.com/openclaw/skills/tree/main/skills/clockworksquirrel/searxng-local

92
SAFE

This skill provides legitimate functionality for setting up SearXNG, a privacy-respecting metasearch engine, with comprehensive Docker-based installation instructions. While it contains shell commands that users may execute and triggered canary file access during installation, no malicious behavior was detected and all security checks passed.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Shell commands present in skill documentation -10

The skill contains shell commands for Docker setup and SearXNG configuration that could be executed by users following the documentation.

LOW Canary file access detected -10

Monitoring detected access to sensitive canary files (.env, .ssh/id_rsa, .aws/credentials) during installation, though no data was actually exfiltrated.

INFO External URLs in installation context -5

Skill contains legitimate external GitHub URLs for repository cloning during installation process.