ClawHub

Multi Search Engine

Security checks across malware telemetry and agentic risk

Overview

This search skill appears purpose-aligned, but its privacy wording understates that user queries are sent to third-party search engines.

Install only if you are comfortable with your search terms, IP/request metadata, and any in-memory session cookies being sent to the selected search engines. Avoid using it for secrets, credentials, confidential business topics, regulated data, or highly sensitive personal searches unless the publisher clarifies the privacy notice and provider routing controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The skill explicitly performs outbound requests to third-party search engines, so stating that there is 'no external data transmission' is materially false. This can mislead users and downstream agents about the privacy boundary of the skill, causing sensitive queries to be sent off-platform without informed consent.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
User search queries are transmitted to external search engines, and those queries may contain personal, confidential, or regulated information. Claiming that no personal data is transmitted understates the real privacy risk and may cause inappropriate use of the skill with sensitive inputs.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
Automatically routing queries to different engines based on detected language sends user data to specific third-party services without explicit user choice. In this context, language-based routing can also change the jurisdiction, privacy posture, and censorship environment of the recipient services, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow and examples instruct the agent to send requests and acquire cookies, but they do not present a clear, prominent warning that user queries and associated session data are being sent to external services. This omission undermines informed consent and can expose sensitive searches to third parties unexpectedly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The data-handling notice directly contradicts the documented behavior of the skill, which is to send search requests to third-party engines. Such contradictory privacy claims are dangerous because users and orchestrating systems may rely on them when deciding whether the skill is safe for sensitive data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document includes executable examples that send user search terms directly to third-party search engines, but it does not warn that queries, IP address, user agent, and other metadata may be exposed to those providers. In an agent skill context, users may assume searches are local or privacy-preserving, so omission of disclosure can lead to unintended data leakage, especially for sensitive or proprietary queries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly documents parameters that disable safe search without warning that this can expose users to adult, malicious, or otherwise unsafe content. In a reusable search skill, this lowers built-in safeguards and may cause the agent to retrieve harmful content unexpectedly, including in contexts involving minors or enterprise environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Startpage section includes a parameter to turn off family filtering but does not explain the associated risk of unsafe-content exposure. Because this is presented as a normal option in a skill reference, users or downstream agents may adopt it without understanding that it weakens content-safety controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal