ClawHub

Handy01 Multi Search Engine

Security checks across malware telemetry and agentic risk

Overview

This search skill mostly does what it claims, but it wrongly says searches stay local even though it sends queries to external search engines.

Review before installing. Use it only for searches you are comfortable sending to providers such as Google, Baidu, DuckDuckGo, Yahoo, Startpage, Brave, Ecosia, Qwant, and WolframAlpha. Avoid confidential names, private URLs, credentials, regulated data, or sensitive personal details unless you intentionally want those terms sent to third parties. The publisher should correct the privacy notice and make provider choice clearer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation claims 'Local Execution: All operations run locally, no external data transmission,' but the skill explicitly sends outbound requests to multiple third-party search engines. This is a misleading privacy/security statement that can cause users or downstream agents to disclose sensitive queries under false assumptions about network behavior.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill states it does not collect or transmit personal information, but any user query containing names, emails, account details, health, legal, or other personal data will be sent to external search providers. This mismatch creates a privacy risk because users may provide sensitive inputs believing no personal data leaves the local environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow instructs the agent to execute web searches and acquire session cookies from search engine homepages, which necessarily discloses user queries, IP-related metadata, and session identifiers to third parties. The skill does not present a prominent, actionable warning or obtain user consent before this disclosure, increasing privacy and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
Automatically routing Chinese queries to a fixed set of domestic engines and non-Chinese queries to international engines removes user control over where their data is sent. Because jurisdiction, censorship, surveillance, and privacy practices vary by provider, forced routing can expose users to providers they would not have chosen.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal