小艺联网搜索

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real web-search skill, but it ships a cloud API token in the code and sends searches to Huawei Cloud without enough privacy or credential controls.

Install only if you are comfortable sending search queries to Huawei Cloud. Do not use it for secrets, personal data, internal company terms, or confidential research. The publisher should remove and rotate the embedded token, require user-supplied credentials, add clear privacy disclosure, and regenerate dependency metadata with safer pinned HTTPS sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documentation explicitly states that a Bearer Token is hardcoded in the skill code, which means anyone with access to the skill can likely recover reusable credentials for an external cloud service. This is a genuine security issue because embedded secrets enable unauthorized API use, quota theft, billing abuse, and possible access to associated service data beyond the user’s intended search functionality.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file hardcodes a long-lived Huawei Cloud bearer token directly in source code. This is a real secret exposure: anyone with access to the skill can reuse the credential to call the vendor API, incur costs, exhaust quotas, or access service functionality outside the intended user flow. In this skill context, embedding the token is especially dangerous because the skill's purpose is simple web search and does not require distributing a reusable cloud credential to every recipient of the code.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation normalizes the presence of a hardcoded token ('已固化在代码中', i.e. "baked into the code") without warning about the security implications, encouraging unsafe secret-handling practices. In the context of a distributable skill, this increases the likelihood of credential leakage and misuse because users may install or redistribute code containing live authentication material.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises live web search via a cloud API but does not clearly warn that user queries are transmitted to Huawei Cloud, which creates a privacy and data-governance risk. This is especially relevant for agent skills because users may submit sensitive prompts, internal terms, or regulated data assuming local processing.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The code sends the user's query to an external Huawei Cloud endpoint, but the CLI flow does not clearly warn users that their input will leave the local environment and be processed by a third party. This is a privacy and data-handling issue rather than code execution, but it becomes meaningful if users enter sensitive prompts, internal terms, or regulated data assuming the tool is local. The skill context increases relevance because a search utility naturally encourages arbitrary user-entered text, which may include confidential information.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"search": "node search.js"
  },
  "dependencies": {
    "axios": "^1.6.0"
  }
}
Confidence
91% confidence
Finding
"axios": "^1.6.0"

Known Vulnerable Dependency

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0: 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

VirusTotal

65/65 vendors flagged this skill as clean.