ClawHub

AnySearch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote search skill that sends searches and URLs to AnySearch, with no hidden or destructive behavior found.

Install only if you are comfortable sending search terms, URLs to extract, and any configured AnySearch API key to AnySearch. Do not use it for secrets, private internal URLs, regulated data, or confidential investigations unless you trust that provider and your workspace secret handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The documentation explicitly instructs storing an API key in a local .env file, which expands the skill's behavior from search/extraction into credential handling. While .env storage is common, presenting it without safeguards can lead to accidental exposure through source control, logs, shared workspaces, or weak file permissions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises real-time web search and URL extraction but does not clearly disclose that user queries and supplied URLs are transmitted to an external service. In an agent setting, this can cause unintended disclosure of sensitive prompts, internal URLs, tokens in query strings, or confidential investigation targets because operators may assume the skill is local-only.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API key setup guidance recommends storing secrets in a .env file or exporting them directly in shell commands without warning about leakage through shell history, process inspection, accidental commits, or permissive filesystem access. In agent environments, these risks are amplified because logs, transcripts, workspace snapshots, and shared home directories may expose the credential to other tools or users.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are very broad and encourage activation for generic information retrieval, fact-checking, browsing, and many domain queries. Overbroad triggers increase the chance the agent invokes this skill unnecessarily, causing unneeded network egress of user prompts, URLs, or context to a third-party service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The CLI accepts user-provided search queries, batch queries, and URLs, then forwards them to a third-party remote API, but the code contains no explicit user-facing disclosure or warning at the point of use. In a CLI context this creates a real privacy/security risk because operators may assume processing is local and unintentionally transmit sensitive internal URLs, search terms, or investigation data off-host.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The markdown tells the user/agent to save an API key to .env and retry, but provides no warning about secure storage, redaction, or repository leakage. In an agent setting, this is more dangerous because the instruction may cause automated persistence of secrets on disk beyond the user's awareness or intended consent boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal