Exa Web Search V2

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Exa search skill; its main risk is that user queries, URLs, company names, and people-search terms are sent to Exa’s remote MCP service.

Install only if you are comfortable using Exa as a third-party remote search provider. Avoid submitting secrets, private source code, internal URLs, confidential business topics, regulated personal data, or sensitive people-search queries unless you have approval. Prefer the default Exa configuration for ordinary search and enable exa-full only when you intentionally need the advanced tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The examples advertise additional capabilities such as crawling, people search, and asynchronous deep research that are not reflected in the stated skill scope. This creates a scope-transparency problem: users or downstream agents may invoke more sensitive data-access features than expected, increasing the chance of unintended external requests, collection of personal data, or policy bypass through undocumented functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill routes user search queries and research inputs to a remote Exa MCP endpoint, but the description does not warn users that their prompts and searched entities leave the local environment. This creates a real privacy and data-handling risk because users may submit sensitive company names, code-related queries, or investigative research terms under the mistaken assumption that the skill is local-only.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document encourages web search, crawling, and people-search actions without warning that user-supplied queries, company names, URLs, or person identifiers will be transmitted to external services. In a security-sensitive agent setting, this omission can lead to accidental disclosure of sensitive prompts, internal URLs, proprietary research topics, or personal data to third-party systems.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- `people_search_exa` - Professional profiles
- `deep_researcher_start/check` - AI research agent

**Enable all tools:**
```bash
mcporter config add exa-full "https://mcp.exa.ai/mcp?tools=web_search_exa,web_search_advanced_exa,get_code_context_exa,deep_search_exa,crawling_exa,company_research_exa,people_search_exa,deep_researcher_start,deep_researcher_check"
```
Confidence
84% confidence
Finding
tools:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- `people_search_exa` - Professional profiles
- `deep_researcher_start/check` - AI research agent

**Enable all tools:**
```bash
mcporter config add exa-full "https://mcp.exa.ai/mcp?tools=web_search_exa,web_search_advanced_exa,get_code_context_exa,deep_search_exa,crawling_exa,company_research_exa,people_search_exa,deep_researcher_start,deep_researcher_check"
```
Confidence
84% confidence
Finding
Enable all tools

VirusTotal

66/66 vendors flagged this skill as clean.
