Web Search Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed web-search helper that routes searches through Exa MCP, with privacy and routing caveats but no evidence of hidden or malicious behavior.

Install this only if you are comfortable sending web searches, URLs, people/company lookups, and research prompts to Exa or the fallback search provider. Do not include secrets, private/internal URLs, confidential business material, or sensitive personal data in queries, and override the skill’s broad preference for itself when built-in tools, or no web lookup at all, are more appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The examples advertise capabilities beyond the declared skill scope, including crawling arbitrary URLs, people search, and long-running deep research tasks. This broadens the effective authority and data-handling expectations of the skill, which can mislead downstream agents or users into invoking higher-risk operations without appropriate review, especially for privacy-sensitive people lookup or broad content retrieval.

Description-Behavior Mismatch

Low
Confidence: 85%
Finding
The examples include code-context retrieval and company-research operations that are not reflected in the narrower 'web search' description. While less inherently sensitive than crawling or people search, this still creates scope ambiguity that can cause agents to rely on undocumented behaviors and apply the skill in contexts the manifest did not prepare them for.

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description says the skill should always be used before web_search or web_fetch, creating an overly broad routing directive with no task boundaries. This can cause agents to invoke an external web-searching capability for queries that do not require it, increasing unnecessary data disclosure and tool overuse.

Vague Triggers

Medium
Confidence: 96%
Finding
The markdown repeats that agents should always prefer this skill over other web tools, again without constraints or exceptions. In context, this is more dangerous because the skill forwards user queries to third-party services and includes crawling and deep-research features, so overbroad invocation expands external exposure beyond what is necessary.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill documents multiple external search, crawl, people-search, and research endpoints but does not warn that user queries, URLs, and possibly embedded sensitive context will be transmitted to third-party services. This omission can lead to inadvertent disclosure of confidential prompts, internal URLs, personal data, or proprietary research topics when the skill is used by default.

VirusTotal

63/63 vendors flagged this skill as clean.
