SerpAPI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SerpAPI search wrapper that uses a configured API key and sends searches to SerpAPI, with privacy notes but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending search terms, optional location data, and SerpAPI account usage to SerpAPI. Use a dedicated or revocable SERPAPI_API_KEY if possible, monitor quota usage, and avoid configuring a default location in TOOLS.md if you do not want location context reused automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documentation indicates access to environment variables, file reads, and network use via metadata and setup instructions, but it does not declare corresponding permissions. That mismatch weakens reviewability and consent because an agent may use capabilities that are not transparently surfaced to operators, especially with access to `SERPAPI_API_KEY` and local configuration files like `TOOLS.md`.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill reads local workspace files (including a path derived from an environment variable) to infer a default location, even though its primary purpose is external search. This creates unnecessary access to local context and can leak sensitive or user-specific location data to the external SerpAPI service without an explicit user request.

Vague Triggers

Medium
Confidence: 76%
Finding
The description uses broad trigger language such as general web search, products, local businesses, restaurants, shopping, images, and news, making the skill likely to be invoked for many ordinary user requests. In a networked skill, over-broad invocation increases the chance of unnecessary external requests and unintended disclosure of user queries or location data to a third-party service.

Missing User Warnings

Medium
Confidence: 88%
Finding
The code sends user queries and optional location data to a third-party API endpoint, but there is no explicit warning or consent flow informing the user that their inputs will leave the local environment. In a search skill, network transmission is expected, but silently forwarding inferred location data increases privacy risk and can surprise users.

VirusTotal

66/66 vendors flagged this skill as clean.
