Advanced Searxng Search Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SearXNG search client with expected network and optional export behavior, but users should choose trusted endpoints and export paths carefully.

Install only from a source you trust, prefer a local or trusted SearXNG instance for private queries, keep SSL verification enabled except for local development, and do not let untrusted prompts choose the instance URL or export filepath. Pin and audit dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The helper is named and documented as a URL validator, but it only checks for the presence of a scheme and netloc. That means potentially unsafe or unsupported schemes such as file://, ftp://, or other custom schemes may be treated as valid, which can weaken downstream security checks if callers rely on this function to restrict outbound destinations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The export helpers write to any caller-provided filesystem path without validation, restriction, or user confirmation. If untrusted input can influence filepath, this can lead to arbitrary file overwrite, data clobbering, or writing sensitive search data to unintended locations; in an agent skill context, filesystem side effects are more sensitive because skills may be invoked with model- or user-supplied parameters.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
urllib3>=1.26.0
python-dotenv>=0.19.0
Confidence
93% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
urllib3>=1.26.0
python-dotenv>=0.19.0
Confidence
94% confidence
Finding
urllib3>=1.26.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
urllib3>=1.26.0
python-dotenv>=0.19.0
Confidence
88% confidence
Finding
python-dotenv>=0.19.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
urllib3

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
80% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.
