Search Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a real search workflow, but it needs review because it includes a built-in Tavily credential and broad auto-trigger words that could send searches externally unexpectedly.

Review before installing. Use only if you are comfortable sending search queries to Tavily, remove or disable the bundled fallback API key, provide your own TAVILY_API_KEY through a proper secret mechanism, and narrow activation to explicit search-workflow requests. Expect Markdown reports to be written locally when the script runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill advertises a documentation-only workflow, but the referenced behavior includes environment access, local file writing, and network use without declaring permissions. Hidden or undeclared capabilities reduce transparency and can enable data exposure, unauthorized outbound requests, or writes to the local workspace without informed consent.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The documented purpose does not match the observed behavior: embedding a default Tavily API key is a credential-management flaw, and undisclosed file output plus unsupported integration claims are deceptive. Hardcoded credentials can be abused by others, while behavior mismatch prevents users from accurately assessing security and privacy impact before execution.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The trigger keywords include very generic terms such as "搜索", "查找", "查询", and "search", which are common in ordinary user conversations. In an agent skill context, overly broad triggers can cause unintended activation, routing benign prompts into this workflow and potentially invoking external search/fetch capabilities when the user did not explicitly intend to use this skill.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The trigger keywords are broad, generic terms like 'search', 'query', and their Chinese equivalents, which can cause the skill to activate for many ordinary user requests outside a clearly intended context. This increases the chance of unintended invocation of network-capable behavior, potentially sending user queries to external search providers when the user did not explicitly ask to use this workflow.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The manifest explicitly advertises web search and full-page retrieval, but it does not disclose that user queries and fetched URLs/content may be transmitted to third-party services. In a skill that integrates multiple external search engines and web fetching, lack of notice and consent can expose sensitive prompts, research topics, or internal data to outside providers.

VirusTotal

66/66 vendors flagged this skill as clean.