ClawHub

Bing Search (Free)

Security checks across malware telemetry and agentic risk

Overview

It performs free web searches as advertised, but its helper script handles outside web content in a way that could run code on your machine.

Review before installing. Use it only for non-sensitive searches, do not submit secrets or internal URLs, and prefer a fixed version that declares its network/tool requirements, clearly discloses Bing/Jina.ai data sharing, and parses web responses without embedding them into executable Python code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and documents shell execution and network access, but does not declare permissions accordingly. This creates a trust and governance gap: users or platforms may approve the skill without realizing it can execute scripts and send data off-host, increasing the risk of unintended command execution or external data exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user search queries to Bing and causes page URLs/content to be fetched through Jina.ai, but the description does not warn users that their inputs and requested resources are transmitted to third-party services. This is dangerous because sensitive queries, internal URLs, or proprietary research targets could be disclosed externally without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user's raw search query to external third parties (r.jina.ai and indirectly Bing) without any explicit notice, consent step, or privacy warning. In an agent skill context, users may reasonably assume local processing, so sensitive terms, internal project names, credentials pasted by mistake, or personal data could be disclosed over the network unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal