universal-search

Security checks across malware telemetry and agentic risk

Overview

This search skill largely does what it claims, but it sends user queries and a bundled bearer token to an external service with under-scoped credential handling.

Review before installing. Use only if you trust the publisher and the Coze-hosted endpoint, do not enter secrets or private business/personal data as queries, and prefer configuring your own trusted UNIVERSAL_SEARCH_URL and UNIVERSAL_SEARCH_TOKEN rather than relying on the bundled token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions while its metadata clearly indicates access to environment variables and the ability to make outbound network requests. This mismatch can mislead users and reviewers about the skill's actual capabilities, reducing informed consent and making it easier for sensitive data or secrets to be used without clear disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill invokes an external search API, but the description does not warn that user search queries may be sent to a third-party service. Users may enter sensitive internal data, credentials, or personal information under the assumption that queries remain local, creating a privacy and data-exfiltration risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User search queries are sent to a third-party remote service, but the tool does not provide a clear privacy notice or consent mechanism before transmitting potentially sensitive prompts. In an agent ecosystem, users may assume local processing, so this creates a real data exposure risk if queries contain secrets, personal data, or proprietary information.

VirusTotal

66/66 vendors flagged this skill as clean.
