ClawHub

searxng-web-search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-search skill, but users should understand that searches are sent to a configured SearXNG service and deployment examples need privacy hardening.

Install only if you want the agent to perform web searches through SearXNG. Use a trusted or self-hosted endpoint, prefer HTTPS for non-local servers, do not include secrets or sensitive private terms in search queries, and bind any local SearXNG service to localhost unless you intentionally secure it for network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is very broad ('search the web', 'gather external context', 'research a topic'), which makes over-triggering likely for many ordinary prompts. In an agentic system, this can lead to unnecessary external requests, sending user queries or sensitive context to a remote service when a local answer would have sufficed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown explains configuration and usage but does not warn that search queries are transmitted over the network to a SearXNG instance, which may be self-hosted or remote. Without an explicit disclosure, users may unknowingly send sensitive prompts, identifiers, or proprietary research terms to external infrastructure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Docker example binds SearXNG to 0.0.0.0, exposing the service on all network interfaces, but the guide does not warn that this makes the instance reachable beyond localhost depending on host firewall and port exposure. In the context of a search service with JSON API enabled, broader exposure increases the chance of unauthorized access, scraping abuse, and accidental internet exposure of a private instance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The sample configuration disables both the rate limiter and safe search without explaining the operational and safety consequences. This weakens abuse protections and content filtering, making the instance easier to misuse for automated querying and more likely to return unsafe content, which is especially relevant for an agent skill intended to fetch external web data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The tool defaults to `http://localhost:8080`, meaning search queries may be sent over cleartext HTTP if the service is remote, container-forwarded, or otherwise exposed beyond the local host boundary. Even for localhost, the skill gives no user-facing warning that queries are transmitted over the network, which can lead to accidental disclosure of sensitive searches and make misconfiguration easier.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal