Abstract Searcher

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised abstract lookup, but its fallback workflow can use and control the user's logged-in Chrome session.

Install only if you are comfortable with bibliography titles/authors being queried against public academic APIs. Prefer the API-only script. If browser fallback is needed, use a separate Chrome profile with minimal logins, approve each site explicitly, and avoid using personal or institutional sessions for sensitive or unpublished bibliographies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill clearly requires reading local BibTeX files and making outbound network requests, but it declares no permissions. That undermines user awareness and any permission-based enforcement, making the skill more dangerous because it can access local content and transmit paper titles or metadata externally without an explicit grant.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 77%
Finding: The documented behavior does not fully match the described scope: it uses OpenAlex in addition to the listed services, and the browser fallback is inconsistently represented. Behavior mismatches are dangerous because users and reviewers cannot accurately assess data flows, third-party exposure, or operational risks from the description alone.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The browser fallback instructs use of the user's real Chrome profile and existing login sessions to access Google Scholar and publisher sites, but does not prominently warn the user about that privacy and session-use risk. This is dangerous because it can leverage authenticated sessions to access subscription content and expose browsing identity, institutional access, or query history to third-party sites.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
    1. **arXiv API**: `http://export.arxiv.org/api/query?search_query=...`
    2. **Semantic Scholar**: `https://api.semanticscholar.org/graph/v1/paper/search?query=...`
    3. **CrossRef**: `https://api.crossref.org/works?query.title=...`
    4. **OpenAlex**: `https://api.openalex.org/works?search=...`

    ## Browser Fallback (IMPORTANT!)
Confidence: 74%
Finding: https://api.openalex.org/

VirusTotal

66/66 vendors flagged this skill as clean.
