searxng-search

The skill's described purpose (web search via a self-hosted SearXNG) aligns with its configuration-driven approach. Data flows involve querying a configured API endpoint with optional credentials, and returning results to the user. While credentials are stored and used for API authentication, this is proportional to the task. No evident arbitrary downloads, covert data exfiltration, or autonomous real-world actions are present. Overall risk is low to moderate, driven primarily by credential handling and environment-based token sourcing. Recommend ensuring config files are securely stored and that environment variables used for tokens are tightly scoped.