Xby Smart Search

Security checks across malware telemetry and agentic risk

Overview

The skill is an API-backed technical search helper; it appears purpose-aligned, but it sends searches to XBY and stores the API key in a local .env file.

Install only if you are comfortable giving an XBY API key to this skill and having your search terms sent to the XBY MCP service and then to the destination search sites. Avoid searching for secrets, private repository names, credentials, customer data, or sensitive incident details, and remove XBY_APIKEY from the local .env file if you no longer want the key stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (20)

Description-Behavior Mismatch

Severity: Medium (84% confidence)
Finding
The workflow and metadata refer to an API-keyed service and handling pattern that appears inconsistent with the advertised search toolkit, indicating documentation or packaging confusion. Such inconsistencies can mask unintended data collection paths or cause operators to trust a skill whose real behavior they cannot accurately assess.

Description-Behavior Mismatch

Severity: High (94% confidence)
Finding
The configuration targets a different domain ('高考' / xiaobenyang.com) than the declared smart search skill, which indicates the file may be repurposed from another project or wired to an unrelated backend. In a skill context, this mismatch increases the risk of unexpected data flows, accidental credential submission to the wrong service, or hidden functionality outside the manifest.

Description-Behavior Mismatch

Severity: Medium (91% confidence)
Finding
The manifest describes a search-tool skill, but this module also persists and manages API credentials locally. Undisclosed credential storage is security-relevant because users and integrators may not expect secrets to be written to disk, increasing the chance of accidental leakage through source control, backups, or shared environments.

Missing User Warnings

Severity: Medium (95% confidence)
Finding
The skill instructs the agent to ask for an API key and persist it via local configuration without warning the user about storage location, retention, or exposure risk. Persisting sensitive credentials without informed consent can lead to secret leakage through local files, backups, logs, or other skills with file access.

Missing User Warnings

Severity: Medium (92% confidence)
Finding
The skill directs the agent to fetch generated search URLs from third-party websites without warning that user queries will be transmitted externally. This creates a privacy and data-handling risk because potentially sensitive search terms may be disclosed to external platforms unexpectedly.

Missing User Warnings

Severity: Medium (96% confidence)
Finding
The code writes the API key directly into a local .env file without any user-facing warning, consent prompt, or indication of storage risks. In agent/skill deployments, .env files are commonly copied, backed up, or accidentally committed, so silent persistence can expose credentials beyond the intended runtime.

Missing User Warnings

Severity: Medium (92% confidence)
Finding
This function forwards raw user search queries to an external API via call_api without any visible runtime disclosure or consent mechanism. Even if the feature is expected to search external sources, users may unknowingly submit sensitive internal terms, credentials, or proprietary project names to a third-party service, creating a privacy and data-handling risk.

Missing User Warnings

Severity: Medium (92% confidence)
Finding
The GitHub search wrapper sends user queries and optional filters to an external API endpoint without any visible notice outside internal docstrings. This can leak sensitive repository names, internal code terms, or investigation context to a third party when users may believe they are only generating a search URL locally.

Missing User Warnings

Severity: Medium (91% confidence)
Finding
This StackOverflow search function transmits user-supplied query data and tags to an external API through call_api with no user-visible warning. Technical troubleshooting searches often contain stack traces, hostnames, package names, or fragments of proprietary code, so silent forwarding increases confidentiality risk.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
The NPM search helper forwards user search terms externally without any visible disclosure. Package searches may reveal planned dependencies, internal module names, or security research interests, which can expose operational or development context unnecessarily.

Missing User Warnings

Severity: Medium (91% confidence)
Finding
This documentation search function sends user queries and framework selections to an external service without explicit user-facing notice. Because documentation lookups can include internal architecture terms or debugging context, undisclosed transmission creates a real privacy and data exposure concern.

Missing User Warnings

Severity: Medium (91% confidence)
Finding
The API reference search submits api_name and platform values to an external API without user-visible disclosure. These fields may contain internal API names, private library identifiers, or vendor evaluation details that should not be silently shared with external infrastructure.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
This WeChat documentation search wrapper forwards user query text and platform selections to an external API without a visible warning. In enterprise environments, those searches may disclose product plans, app identifiers, or debugging details related to regulated systems.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
The CSDN search function sends user query data to an external API without explicit disclosure to the user. Search text in developer tools often includes confidential implementation details, so silent forwarding raises data leakage and compliance concerns.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
This Juejin search helper transmits user-entered search terms externally with no user-visible warning. The behavior is more dangerous in a technical search skill because users may paste detailed error messages or internal identifiers while expecting a simple search utility.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
The SegmentFault search function forwards user queries and optional tags to an external service without clear user-facing disclosure. This may expose proprietary troubleshooting context or sensitive engineering details to a third-party processor unexpectedly.

Missing User Warnings

Severity: Medium (89% confidence)
Finding
This blog search wrapper sends user-provided query text to an external API without visible disclosure. Even though it is a search feature, undisclosed outbound transmission of free-form developer queries can leak confidential terms or investigation topics.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
The OSChina search helper transmits user search inputs to an external API without explicit user-facing notice. Because the tool is designed for technical research, user queries may contain sensitive code ecosystem details that should not be silently disclosed.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
This Aliyun docs search sends query and product terms to an external API without an explicit warning to users. Cloud product searches can reveal internal infrastructure choices or incident-response context, making silent sharing particularly risky for enterprise users.

Missing User Warnings

Severity: Medium (90% confidence)
Finding
The Tencent documentation search function transmits user-provided search terms externally with no visible disclosure. In context, this is a real confidentiality risk because users may search for cloud configuration issues, service names, or internal deployment details they do not expect to share with a third party.

VirusTotal

63/63 vendors flagged this skill as clean.