Multi-source retrieval with confidence scoring - web, academic, and Tavily in one unified API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed external search skill that sends user queries and URLs to AIsa’s API, with privacy considerations but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending search terms, URLs, and possibly retrieved page content or result summaries to AIsa and its search backends. Use a dedicated, revocable AISA_API_KEY, monitor usage or billing, and do not use extract, crawl, map, or explain with secrets, internal systems, authenticated pages, private documents, or regulated data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill requires environment access for an API key and clearly performs network operations, but it does not declare permissions accordingly. This weakens platform-level trust and review controls because operators may underestimate what the skill can access and transmit.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The description frames the skill as search, but the documented behavior also includes full-text retrieval, URL extraction, crawling, site-map generation, and explanation/synthesis on remote infrastructure. That broader behavior materially changes the data exposure and reach of the skill, increasing the risk that users submit sensitive URLs/content without realizing the extent of third-party processing.

Context-Inappropriate Capability

Medium
Confidence
75% confidence
Finding
The client exposes crawl and map operations that are materially broader than the advertised search-only purpose, increasing the chance that users or agents invoke powerful web enumeration features without understanding the scope. In agent environments, understated capability breadth can enable unintended data collection against arbitrary URLs and domains.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages sending queries, URLs, and extracted/crawled content to a third-party API using a bearer token, but it does not clearly warn users that potentially sensitive prompts, targets, and retrieved content leave the local environment. In an agent setting, this can lead to unintended disclosure of internal URLs, research topics, or proprietary data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The request layer forwards user-provided queries and URLs to a third-party API with no user-facing disclosure, consent flow, or data-handling warning. This can cause unintentional exfiltration of sensitive prompts, internal URLs, or proprietary research targets when used by an autonomous agent or unsuspecting operator.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic web search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
```
Confidence
87% confidence
Finding
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \ -H "Authorization: Bearer $AISA_API_KEY" # Full text search (with page content) curl -X POST

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic web search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
```
Confidence
87% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
curl -X POST "https://api.aisa.one/apis/v1/search/full?query=latest+AI+news&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
89% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Search academic papers
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/scholar?query=transformer+models&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# With year filter
```
Confidence
85% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-H "Authorization: Bearer $AISA_API_KEY"

# With year filter
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/scholar?query=LLM&max_num_results=10&as_ylo=2024&as_yhi=2025" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
84% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Intelligent hybrid search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/smart?query=machine+learning+optimization&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
86% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Tavily search
curl -X POST "https://api.aisa.one/apis/v1/tavily/search" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"latest AI developments"}'
```
Confidence
90% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-d '{"query":"latest AI developments"}'

# Extract content from URLs
curl -X POST "https://api.aisa.one/apis/v1/tavily/extract" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls":["https://example.com/article"]}'
```
Confidence
94% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-d '{"urls":["https://example.com/article"]}'

# Crawl web pages
curl -X POST "https://api.aisa.one/apis/v1/tavily/crawl" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com","max_depth":2}'
```
Confidence
96% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-d '{"url":"https://example.com","max_depth":2}'

# Site map
curl -X POST "https://api.aisa.one/apis/v1/tavily/map" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'
```
Confidence
93% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Generate explanations with confidence scoring
curl -X POST "https://api.aisa.one/apis/v1/scholar/explain" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"results":[...],"language":"en","format":"summary"}'
```
Confidence
88% confidence
Finding
https://api.aisa.one/

VirusTotal

66/66 vendors flagged this skill as clean.
