SerpAPI Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward SerpAPI search helper, with the main risk being normal use of a SerpAPI key and sending search queries to SerpAPI.

Install only if you are comfortable giving the skill access to a SerpAPI key and sending your search terms to SerpAPI. Prefer an environment variable or managed secret store for the key; if using the config file, keep permissions restrictive, monitor billing/usage, and rotate the key if trust changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Medium
Category
Rogue Agent
Content
Set `SERPAPI_API_KEY` env var, or store it:
```bash
mkdir -p ~/.config/serpapi
echo "your_key_here" > ~/.config/serpapi/api_key
chmod 600 ~/.config/serpapi/api_key
```
Confidence
88% confidence
Finding
mkdir -p ~/.config/serpapi echo "your_key_here" > ~/.config/serpapi/api_key chmod 600 ~/.config

VirusTotal

64/64 vendors flagged this skill as clean.
