doc-search

Security checks across malware telemetry and agentic risk

Overview

This is a local document-search skill that reads a user-chosen docs folder and creates a local search index, with no evidence of network exfiltration or destructive behavior.

Install only if you want an agent to read and index a local document folder. Point it at a specific notes/docs directory, avoid sensitive unrelated folders, and remember the generated index may contain content-derived metadata that should not be synced or shared unintentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill performs filesystem reads and writes by checking for an index, building one, and storing it under the target document directory, yet no permissions are declared. That creates a trust and consent gap: users or the runtime may believe this is a read-only search skill when it can persist data and modify the local filesystem.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented behavior does not match the actual operational workflow: the skill persists an index on disk, while advertised capabilities like LLM query expansion and precise grep-based location reporting are not reliably reflected by the detected implementation. Security-relevant mismatches are dangerous because users may consent to one scope of behavior while the skill silently performs broader or different actions, especially persistent local data processing.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger phrases are broad enough to match many ordinary requests about finding or looking up information, which can cause the skill to activate outside the user's intended scope. In this skill's context, ambiguous invocation is riskier because activation can lead to local directory scanning and persistent index creation, not just a harmless read-only lookup.

VirusTotal

65/65 vendors flagged this skill as clean.
