multi-search-zh

Security checks across malware telemetry and agentic risk

Overview

This skill is a remote AISA search helper. Its observed behavior fits its stated purpose, but every query and URL it handles is sent to a third party, so users should not route private queries or internal URLs through it.

Install only if you are comfortable using AISA as a third-party search provider. Use a scoped, rotatable AISA_API_KEY, and do not submit secrets, private documents, internal URLs, confidential research prompts, or regulated data unless that data flow is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Finding 1: Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
The skill is presented as a narrowly scoped multi-source evidence search tool, but the analysis indicates it also exposes broader single-source search, extraction, and model-driven research behaviors. This mismatch can cause agents or users to invoke a more powerful general research/extraction tool than intended, increasing the risk of policy bypass, overbroad data retrieval, or unexpected external transmission.

Finding 2: Description-Behavior Mismatch
Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 93%
The skill advertises multi-source evidence search and synthesis, but also exposes arbitrary URL extraction and prints raw page content. That materially expands the data-access surface beyond the declared purpose and can be abused to fetch and reveal content from attacker-supplied URLs, increasing privacy, compliance, and misuse risk.

Finding 3: Description-Behavior Mismatch
Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 88%
The file includes a separate Sonar/Perplexity chat-style querying path that is not described in the manifest. Hidden or undocumented capabilities are risky because they bypass user/admin expectations about what the skill can send to third parties and broaden external data transmission beyond the stated multi-search workflow.
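The overview tells users not to submit secrets or internal URLs to the third-party provider, and Finding 2 shows why that matters: the skill will fetch and print content from any URL it is handed. The following is an added example, not code from the skill or from SkillSpector, of an outbound guard a wrapper could run before forwarding a query or URL to AISA. The internal hostname suffixes, the secret patterns, and the function names are assumptions chosen for illustration; the private-address test relies on Python's standard ipaddress module, which treats RFC 1918, loopback, link-local (including the 169.254.169.254 cloud metadata address) and other reserved ranges as non-global.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Assumed policy values for this example; a real deployment would load these
# from configuration rather than hard-code them.
INTERNAL_HOST_SUFFIXES = (".internal", ".local", ".corp", ".lan")
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key id format
    re.compile(r"ghp_[A-Za-z0-9]{36}"),                    # GitHub classic PAT format
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),     # PEM private key header
    re.compile(r"(?i)(api[_-]?key|token|secret|password)\s*[=:]\s*\S+"),  # key=value leaks
]
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_private_host(host: str) -> bool:
    """True if host is a literal non-global IP, localhost, or an internal-looking name."""
    host = host.strip("[]").lower()
    try:
        # Covers 10/8, 172.16/12, 192.168/16, 127/8, 169.254/16, ::1, fc00::/7, etc.
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        pass  # not an IP literal; fall through to name checks
    return host == "localhost" or host.endswith(INTERNAL_HOST_SUFFIXES)


def check_outbound(text: str) -> list[str]:
    """Return the reasons this text must not leave the boundary; empty list means allowed."""
    reasons = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        host = urlparse(url).hostname or ""  # hostname strips port and IPv6 brackets
        if is_private_host(host):
            reasons.append(f"internal or non-public URL: {url}")
    for pattern in SECRET_PATTERNS:
        if pattern.search(text):
            reasons.append(f"secret-like content matches /{pattern.pattern}/")
    return reasons


def guarded_search(query: str, send):
    """Forward the query via `send` only when the guard finds nothing; raise otherwise."""
    problems = check_outbound(query)
    if problems:
        raise PermissionError("refusing to forward query: " + "; ".join(problems))
    return send(query)


if __name__ == "__main__":
    # Constructed sample inputs, not real user queries.
    samples = [
        "site:nvd.nist.gov remote code execution advisories 2024",
        "summarize http://10.0.0.5:8080/admin/runbook",
        "extract http://169.254.169.254/latest/meta-data/",
        "why does AISA_API_KEY=sk-abc123 return 401?",
        "compare https://example.com/docs with https://wiki.corp/page",
    ]
    for s in samples:
        verdict = check_outbound(s) or ["ok"]
        print(f"{s!r}: {verdict}")
```

The guard is deliberately lexical: it inspects only what is about to be sent, so it catches the cases the overview warns about without needing DNS or network access. It does not defend against a hostname that resolves to a private address at request time; that requires resolving the name in the wrapper and applying the same is_private_host check to the resolved address before connecting.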

VirusTotal

0/46 VirusTotal vendors flagged this skill as malicious.