t-web-searcher

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does Tavily web search as advertised, but its search script lets an external API response choose JavaScript to load and run locally.

Review or patch scripts/search.mjs before installing. Replace the response-controlled import with fixed bundled formatting or a hardcoded local allowlist, use a limited Tavily API key, and avoid sending sensitive queries or private/internal URLs to Tavily unless that third-party sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The script takes `data?.meta?.formatFile` from the remote Tavily API response and feeds it into `new URL(..., import.meta.url)` followed by `await import(pluginUrl.href)`. This lets an external service influence which module is executed locally, which is far beyond the expected behavior of a web-search skill and can lead to arbitrary local code execution if the response is malicious or compromised.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A remote search response can control `formatFile`, which is then resolved and imported as code. Normalizing the value through `URL` does not make it safe: it still permits execution of attacker-influenced modules from local or potentially remote locations depending on runtime support, creating a strong code-execution primitive in a component that should only return search results.

External Transmission

Medium
Category
Data Exfiltration
Content
process.exit(1);
}

const resp = await fetch("https://api.tavily-search.com/extract", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
Confidence
93% confidence
Finding
fetch("https://api.tavily-search.com/extract", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
process.exit(1);
}

const resp = await fetch("https://api.tavily-search.com/extract", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
Confidence
93% confidence
Finding
https://api.tavily-search.com/

VirusTotal

66/66 vendors flagged this skill as clean.
