ClawHub

Private Web Search Searchxng

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up and queries a self-hosted SearXNG search service, with Docker and privacy cautions but no hidden or malicious behavior found.

Install this only if you are comfortable running a Dockerized local search service. Prefer binding it to localhost on shared or network-accessible machines, consider pinning the SearXNG image version, avoid sensitive queries when using a remote SEARXNG_HOST or plain HTTP, and review before running docker rm searxng -f because it can remove an existing container.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs the agent/user to execute shell commands such as docker, curl, jq, sed, and restart operations, but it does not declare corresponding permissions or safety boundaries. This creates a trust and execution-gap risk: an agent may perform system-level actions that are not transparently surfaced to the user, including pulling/running containers and modifying files inside them.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup and management steps perform real system changes: they start a Docker container, alter configuration inside the container with sed, restart the service, expose port 8080, and later suggest forced deletion with docker rm -f. In the context of an agent skill, presenting these commands without prominent warnings or confirmation requirements is dangerous because an automated agent could execute them directly, causing unintended local service exposure, image execution, configuration drift, or destructive cleanup.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The script sends the user's raw search query over a network request to a SearXNG instance without any explicit notice, confirmation, or disclosure to the user. In this skill's context that behavior is expected, but it still has privacy implications because queries may contain sensitive data and are transmitted to a server that may log requests; additionally, the URL uses plain HTTP by default, which can further expose query contents in transit if the service is not strictly local.

VirusTotal

No VirusTotal findings

View on VirusTotal