ClawHub

AIsa Multi Source Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed search client that sends user-provided searches, URLs, and result data to AIsa's external API, with no evidence of hidden persistence, credential theft, or destructive behavior.

Install only if you are comfortable sending search terms, target URLs, retrieved content, and result bundles to AIsa's API. Use a scoped API key, avoid confidential prompts and private/internal URLs, and get authorization before using crawl or map features on third-party sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires an API key from the environment and clearly performs outbound network requests, yet it does not declare permissions in a way that makes these capabilities explicit to reviewers or users. This reduces transparency and can cause users to invoke a skill without understanding that their queries, URLs, and credentials will be used for external API calls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is presented as an intelligent search tool, but the documented behavior extends into full-page retrieval, arbitrary URL extraction, crawling, sitemap generation, and separate explanation processing. This broader capability materially increases the data-access and transmission surface, so users may authorize it for simple search without realizing it can fetch and process arbitrary external content.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The advertised capability is search, but the implementation also exposes crawl and site-mapping operations that can fetch and enumerate remote sites beyond ordinary query-based retrieval. This capability expansion increases data access and external interaction surface, which is risky for agent skills because downstream users or orchestrators may permit the skill based on a narrower manifest than the code actually implements.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The markdown instructs users to perform search, extraction, crawling, and mapping against external services without a clear warning that prompts and supplied URLs will be transmitted to third-party infrastructure. In an agent setting, this can expose sensitive queries, internal URLs, or proprietary research targets to external providers without informed consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The client transmits user-supplied queries and URLs to a third-party API without any consent prompt, masking, or warning about external data disclosure. In an agent context, users may assume local processing, so sensitive prompts, internal URLs, or proprietary research targets could be sent off-platform unexpectedly.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic web search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
Confidence
86% confidence
Finding
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \ -H "Authorization: Bearer $AISA_API_KEY" # Full text search (with page content) curl -X POST

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic web search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/web?query=AI+frameworks&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
Confidence
86% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer $AISA_API_KEY"

# Full text search (with page content)
curl -X POST "https://api.aisa.one/apis/v1/search/full?query=latest+AI+news&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
90% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Search academic papers
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/scholar?query=transformer+models&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"

# With year filter
Confidence
83% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer $AISA_API_KEY"

# With year filter
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/scholar?query=LLM&max_num_results=10&as_ylo=2024&as_yhi=2025" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
83% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Intelligent hybrid search
curl -X POST "https://api.aisa.one/apis/v1/scholar/search/smart?query=machine+learning+optimization&max_num_results=10" \
  -H "Authorization: Bearer $AISA_API_KEY"
```
Confidence
85% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Tavily search
curl -X POST "https://api.aisa.one/apis/v1/tavily/search" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"latest AI developments"}'
Confidence
90% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"query":"latest AI developments"}'

# Extract content from URLs
curl -X POST "https://api.aisa.one/apis/v1/tavily/extract" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"urls":["https://example.com/article"]}'
Confidence
95% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"urls":["https://example.com/article"]}'

# Crawl web pages
curl -X POST "https://api.aisa.one/apis/v1/tavily/crawl" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com","max_depth":2}'
Confidence
96% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"url":"https://example.com","max_depth":2}'

# Site map
curl -X POST "https://api.aisa.one/apis/v1/tavily/map" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'
Confidence
94% confidence
Finding
https://api.aisa.one/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Generate explanations with confidence scoring
curl -X POST "https://api.aisa.one/apis/v1/scholar/explain" \
  -H "Authorization: Bearer $AISA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"results":[...],"language":"en","format":"summary"}'
Confidence
84% confidence
Finding
https://api.aisa.one/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal