Jina AI - Web Reader, Search and Deep Search

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sends user-provided URLs, searches, and research prompts to Jina AI using the user's Jina API key, which matches its stated purpose.

Install only if you are comfortable sending URLs, search terms, research prompts, and JINA_API_KEY-authenticated requests to Jina AI. Avoid using it with secrets, private internal URLs, or confidential research unless Jina is approved for that data, and store JINA_API_KEY somewhere that will not be committed or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill advertises and documents capabilities that include shell execution, outbound network access, and reading an environment variable, but it does not declare explicit permissions in a dedicated permissions model. That mismatch weakens user visibility and policy enforcement, making it easier for the skill to exfiltrate user-supplied URLs/queries and the API key without clear upfront authorization boundaries.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The README documents URL fetching, web search, and DeepSearch features but does not clearly warn that user-supplied URLs, search terms, and research prompts are transmitted to Jina AI-operated external services. This can cause inadvertent disclosure of sensitive internal URLs, confidential queries, or proprietary research topics, especially because the skill is explicitly designed to send arbitrary user input to remote endpoints.

Vague Triggers

Medium
Confidence: 92%
Finding:
The skill explicitly states it may be invoked autonomously by the model without explicit user trigger, but it does not define narrow trigger conditions or consent boundaries. In this context, autonomous execution is risky because the skill transmits user prompts, search queries, and URLs to an external service, so broad invocation can cause unintended data disclosure to Jina.

VirusTotal

66/66 vendors flagged this skill as clean.
