Ddg Free

Security checks across malware telemetry and agentic risk

Overview

This is a small Bing search helper; it sends search terms to Bing and returns parsed JSON results, with no evidence of credential access, persistence, or destructive behavior.

Use this only for ordinary public web searches. Do not include passwords, tokens, private records, or sensitive personal details in queries. Before relying on it, verify the installed script path and install missing Python dependencies from trusted sources if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises and invokes a web search capability via a Python script, which implies outbound network access, but no corresponding permission is declared in the skill metadata. This creates a transparency and policy-enforcement gap: users or orchestrators cannot accurately assess what the skill is allowed to do, and networked behavior may occur without explicit consent or review.

Vague Triggers

Medium
Confidence: 84%
Finding: The top-level description is broad enough to match many generic information-seeking prompts, increasing the chance the skill is invoked automatically in situations where web access is unnecessary or inappropriate. Over-broad routing can expose user queries to external services, return untrusted web content, and bypass more constrained local tools.

Vague Triggers

Medium
Confidence: 88%
Finding: The 'When to use' section lists very generic triggers like needing information or documents, which do not provide safe boundaries for invocation. In practice, this can cause indiscriminate use of network search for broad classes of user requests, including ones containing sensitive data or ones better served by trusted internal sources.

VirusTotal

65/65 vendors flagged this skill as clean.
