ClawHub

Marketplace Local Search

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local-service client for Marketplace searches; the main risk is that your search terms and location go to the endpoint you configure.

Use this only with a Marketplace service you control or trust, especially if setting MARKETPLACE_API_BASE_URL or editing config.json, because your search terms and location will be sent there. Install dependencies in a virtual environment. I found no artifact evidence of credential theft, hidden persistence, destructive actions, or unexpected data collection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its documented behavior clearly relies on environment variables, local file access for config/requirements, and network access to a local HTTP service. This mismatch can mislead reviewers and users about the skill's effective capabilities, reducing informed consent and making it easier for risky behavior to be hidden behind an apparently minimal manifest.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script transmits user-supplied query and location data to an HTTP service, but it does so silently and allows the destination to be changed via config or environment variables. Even though the default target is localhost, this can still expose potentially sensitive search interests and location data to another process or to a non-local endpoint if configuration is altered, without clear disclosure or trust validation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal