multi-search-aisa

Security checks across malware telemetry and agentic risk

Overview

This is a user-run AISA search helper; it sends queries and URLs to external search services, but the behavior is coherent with its stated research purpose.

Install only if you are comfortable providing an AISA API key and sending your research queries, URLs, and extracted page content to AISA-backed services. Avoid using it for private documents, sensitive internal URLs, passwords, browser data, or confidential research unless you trust the service and publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is presented as a constrained multi-source research tool, but the referenced behavior includes additional search modes, arbitrary URL extraction, and external Perplexity/Sonar-style querying that materially expand what the skill can do. This gap can mislead users and reviewers, reducing informed consent and making it easier for the skill to be used for unintended data retrieval or broader network access than expected.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill exposes a URL extraction capability that is broader than the manifest's stated purpose of multi-source search and synthesis. This increases the attack surface by allowing retrieval and display of arbitrary remote content, which can enable unreviewed data access, SSRF-like interactions against the upstream service, or handling of sensitive/internal URLs if callers can control inputs.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The Sonar/Perplexity research-chat feature goes beyond the declared web, academic, Tavily, and synthesis sources. Undeclared model-backed research endpoints can transmit user prompts to additional third parties and introduce behaviors or outputs that were not reviewed under the skill's stated scope.

VirusTotal

67/67 vendors flagged this skill as clean.
