Scan Report
0 /100
google-web-search
Google Custom Search API wrapper for web search
A straightforward Google Custom Search API wrapper that reads its own config and makes legitimate network requests to Google's servers.
Safe to install
No action needed. The skill performs exactly what it advertises: a thin client for Google search.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | src/google_search.py:14 — Path(__file__).parent.parent / '.env' (only reads its … |
| Network | READ | READ | ✓ Aligned | src/google_search.py:53 — requests.get(https://www.googleapis.com/customsearch/v… |
| Environment | READ | READ | ✓ Aligned | src/google_search.py:27 — os.getenv('GOOGLE_API_KEY') / os.getenv('GOOGLE_CX') (… |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell invocation found |
12 findings, 1 High
| Severity | Type | Description | Evidence | Location |
|---|---|---|---|---|
| High | API Key | Suspected hard-coded credential | API_KEY="your_google_api_key" | README.md:22 |
| Medium | External URL | External URL | https://img.shields.io/badge/version-1.0.0-green.svg | README.md:5 |
| Medium | External URL | External URL | https://img.shields.io/badge/License-MIT-yellow.svg | README.md:6 |
| Medium | External URL | External URL | https://opensource.org/licenses/MIT | README.md:6 |
| Medium | External URL | External URL | https://img.shields.io/badge/python-3.10+-blue.svg | README.md:7 |
| Medium | External URL | External URL | https://www.python.org/downloads/ | README.md:7 |
| Medium | External URL | External URL | https://console.cloud.google.com/ | README.md:26 |
| Medium | External URL | External URL | https://programmablesearchengine.google.com/ | README.md:27 |
| Medium | External URL | External URL | https://forbes.com/ai-trends-2026 | SKILL.md:220 |
| Medium | External URL | External URL | https://mit.edu/ai-future-2026 | SKILL.md:225 |
| Medium | External URL | External URL | https://cloud.google.com/custom-search/docs | SKILL.md:254 |
| Medium | External URL | External URL | https://developers.google.com/custom-search/v1/overview | SKILL.md:255 |
File Tree
4 files · 11.4 KB · 526 lines
Markdown 2f · 393L
Python 1f · 131L
Text 1f · 2L
├─ src
│ └─ google_search.py (Python)
├─ README.md (Markdown)
├─ requirements.txt (Text)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | >=2.28.0 | pip | No | Minimum version pinned; standard library |
| python-dotenv | >=1.0.0 | pip | No | Minimum version pinned; standard utility |
Security Positives
✓ No shell execution — no subprocess, os.system, or any command invocation
✓ No credential theft — only reads its own GOOGLE_API_KEY and GOOGLE_CX as declared
✓ No obfuscation — all code is plain, readable Python
✓ No data exfiltration — all network traffic is exclusively to Google's legitimate Custom Search API endpoint
✓ No hidden functionality — SKILL.md and README.md match the actual implementation
✓ No base64/eval patterns — zero obfuscation techniques found
✓ No supply chain risk — only two pinned dependencies (requests>=2.28.0, python-dotenv>=1.0.0)
✓ No suspicious file access — no ~/.ssh, ~/.aws, .env beyond its own, or other sensitive paths
✓ Environment variables read are explicitly declared in SKILL.md