DeepSeek AI Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform AI web search as advertised, but it ships a shared API key and sends queries to a third-party endpoint while disclosing little about the privacy and trust implications of that routing.

Review before installing. Prefer your own scoped API key, verify that the configured endpoint is one you trust, and avoid sending secrets, proprietary code, personal data, or regulated information through this search skill. The package does not show hidden persistence or destructive behavior, but its shared credential and third-party routing deserve careful operator approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'url' from os.environ.get (line 21, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
"search_enabled": True
    }

    response = requests.post(url, json=payload, headers=headers, timeout=90)
    response.raise_for_status()
    return response.json()
Confidence
93% confidence
Finding
response = requests.post(url, json=payload, headers=headers, timeout=90)
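The flagged flow posts to whatever URL the environment supplies, with no check on where the data goes or whose key authenticates it. The following is an added example of how an operator could harden that path before approving the skill; it is not the skill's own code. The environment variable names (SEARCH_BASE_URL, SEARCH_API_KEY), the allowlisted host api.example.com, the denylisted placeholder key value and the message format of the payload are all assumptions; only the "search_enabled": True field and the requests.post call shape come from the finding above.

```python
"""Hardened replacement for the flagged flow: the endpoint still comes from the
environment, but it is validated before any request is built, and the API key
must be the operator's own.  Added example; env var names, the allowlist host
and the denylisted key value are constructed placeholders, not from the skill.
"""
import os
from urllib.parse import urlsplit

# Constructed allowlist: hosts this operator has reviewed and trusts.
ALLOWED_HOSTS = frozenset({"api.example.com"})

# Constructed denylist: credential values that must never be sent, e.g. a key
# copied from a README.  The value below is a placeholder, not a real key.
SHARED_KEY_DENYLIST = frozenset({"sk-shared-readme-key-placeholder"})

BASE_URL_VAR = "SEARCH_BASE_URL"   # assumed name of the env var the skill reads
API_KEY_VAR = "SEARCH_API_KEY"     # assumed name of the env var holding the key


class UntrustedEndpoint(ValueError):
    """The configured base URL is not one the operator approved."""


class BadCredential(ValueError):
    """The API key is missing or is a shared/published value."""


def validate_endpoint(url, allowed_hosts=ALLOWED_HOSTS):
    """Return url unchanged if it is HTTPS, carries no embedded credentials and
    its host is on the allowlist; otherwise raise UntrustedEndpoint."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UntrustedEndpoint("refusing non-HTTPS endpoint: %r" % url)
    if parts.username or parts.password:
        raise UntrustedEndpoint("refusing URL with embedded credentials")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise UntrustedEndpoint("host %r is not in the endpoint allowlist" % host)
    return url


def load_api_key(env, denylist=SHARED_KEY_DENYLIST):
    """Read the operator's own key from env; refuse empty or denylisted keys."""
    key = env.get(API_KEY_VAR, "").strip()
    if not key:
        raise BadCredential("%s is not set; use your own scoped key" % API_KEY_VAR)
    if key in denylist:
        raise BadCredential("refusing to use a shared or published API key")
    return key


def build_request(query, env=None, allowed_hosts=ALLOWED_HOSTS):
    """Build the POST arguments for a search query without sending anything.
    Validation happens here, so a bad endpoint or key fails before any
    query text can leave the host."""
    env = os.environ if env is None else env
    url = validate_endpoint(env.get(BASE_URL_VAR, ""), allowed_hosts)
    key = load_api_key(env)
    return {
        "url": url,
        "headers": {"Authorization": "Bearer " + key,
                    "Content-Type": "application/json"},
        # Payload mirrors the flagged excerpt ("search_enabled": True);
        # the messages format is assumed.
        "json": {"messages": [{"role": "user", "content": query}],
                 "search_enabled": True},
        "timeout": 90,
    }


def preflight(env=None, allowed_hosts=ALLOWED_HOSTS):
    """Operator check: (True, 'ok') or (False, reason), with no network call."""
    try:
        build_request("preflight", env=env, allowed_hosts=allowed_hosts)
    except (UntrustedEndpoint, BadCredential) as exc:
        return False, "%s: %s" % (type(exc).__name__, exc)
    return True, "ok"


def search(query, env=None):
    """Send the query only after build_request has validated endpoint and key."""
    import requests  # imported here so the checks above need no network library
    req = build_request(query, env=env)
    response = requests.post(req["url"], json=req["json"],
                             headers=req["headers"], timeout=req["timeout"])
    response.raise_for_status()
    return response.json()
```

Run preflight() against the environment the skill will see before enabling it; a "UntrustedEndpoint" or "BadCredential" reason means the configuration would have routed queries somewhere unapproved or under a shared key, and the request is never built.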

Missing Permission Declaration

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares environment-variable and network-dependent behavior in metadata and usage, but does not explicitly declare permissions despite requiring external connectivity and secret handling. This weakens transparency and reviewability, making it easier for a skill to access sensitive configuration and send data off-host without clear operator awareness.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation embeds a hard-coded API key and instructs users to export it for use with a third-party base URL. Shipping credentials inside a public skill is highly suspicious: the key may be unauthorized, shared across users, monitored by the provider, or used to route all queries through an untrusted service, exposing prompts, research data, and possibly billing or attribution abuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README publishes a usable API key and explicitly encourages users to rely on a shared public credential. Publicly exposed shared secrets enable unauthorized use, make all users' requests attributable to the same key, and can expose user prompts and search content to the key owner or service operator, creating privacy, abuse, and supply-chain trust risks. In the context of an AI search skill that sends user queries to a third-party endpoint, this is more dangerous because users may unknowingly transmit sensitive research or proprietary data through a shared credential and nonstandard base URL.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly performs web/AI search using an external API but does not warn users that their queries, and potentially associated context, will be transmitted to a third-party service. In a search skill this data flow is expected, but failing to disclose it creates a privacy and compliance risk, especially if users submit sensitive internal questions, documents, or identifiers.

VirusTotal

63/63 vendors reported this skill as clean (no detections).
