yandex-search-api

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill description documents a benign and coherent Yandex Cloud Search API client: it legitimately requires a Yandex service account key, obtains an IAM token, and calls the Yandex Search API, caching results locally. There are no evident malicious indicators in the README text itself (no unknown domains, no encoded payloads, no extraneous credential requests). The main security considerations are operational: protect the service account key and cached token, and verify the actual bash scripts (iam_token_get.sh, web_search_sync.sh, web_search_async.sh) before running them to ensure they do not perform credential exfiltration or contact attacker-controlled endpoints. Without the scripts' source we cannot fully rule out supply-chain tampering; review of the script contents is required to conclude benignity with high confidence.

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Mar 1, 2026, 11:55 AM
Package URL: pkg:socket/skills-sh/artwist-polyakov%2Fpolyakov-claude-skills%2Fyandex-search-api%2F@af9af94aaee1c10b3ebbd1896e2fbd40f87425f5