← Back to Scanner

multi-search-engine Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

multi-search-engine is an AI agent skill, created by gpyangyoujun and published at openclaw/skills. ClawSecure audited multi-search-engine across 8 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 93/100 (Safe). The 3 findings concentrate in Policy Violation, Verification and ReDoS, including ReDoS vulnerability: Nested quantifiers (potential catastrophic... and No GitHub source URL - cannot verify agent origin. None were rated high or critical severity.

Is multi-search-engine safe?

ClawSecure audited multi-search-engine and assigned a security score of 93/100 (Safe), identifying 3 findings across Policy Violation and Verification. Review the findings below before installing.

What did ClawSecure find in multi-search-engine?

ClawSecure identified 3 findings in multi-search-engine, concentrated in Policy Violation, Verification and ReDoS. The most severe include ReDoS vulnerability: Nested quantifiers (potential catastrophic... and No GitHub source URL - cannot verify agent origin.

How was multi-search-engine audited?

ClawSecure ran multi-search-engine through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 8 files from openclaw/skills.

What does a score of 93 mean?

ClawSecure assigned multi-search-engine a security score of 93/100, placing it in the Safe range. Scores of 80 or above qualify for ClawSecure Verified status; the 3 findings detected are lower-severity. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for multi-search-engine

ClawSecure detected 3 security findings in multi-search-engine, spanning Policy Violation, Verification and ReDoS.

Each finding is expandable in the interactive list below.

3-Layer Audit Protocol

Security Recommendations for multi-search-engine

Resolve policy violations
multi-search-engine trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.
Fix ReDoS-prone patterns
multi-search-engine contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Pin dependencies to exact versions
Unpinned dependencies allow supply-chain attacks where a compromised version is pulled in automatically. Use exact version numbers in package.json (for example 1.2.3 instead of ^1.2.3) to keep unauthorized code out of your dependency tree. ClawSecure checks every dependency against known CVE databases.
Add a config.json permissions manifest
A config.json file declares what permissions an agent component needs: file system access, network requests, shell execution and more. Without it, users have no visibility into what the component can do before installing. Adding a permissions manifest is the single most impactful security improvement for any AI agent skill.

Related Security Research

OWASP ASI Top 10 Explained: The Complete Guide to AI Agent Security StandardsUnderstanding Our 3-Layer Audit ProtocolWhy Generic Scanners Fail at AI Agent Security

Related AI Agent Security Audits

c1cb277f8f4aa143Score 95/10030bdbb41c9aa6d07Score 95/100624aee5f17bf59b1Score 95/100fe8225736dfe608bScore 85/100c376fd05e09d59c2Score 85/100

Scanned on April 16, 2026. multi-search-engine is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan