Security audit

Stealthy Google Search

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned Google search skill, but its installer may run a third-party browser setup with sudo and make system-level changes.

Review before installing. Only run the installer if you are comfortable with Scrapling installing browser and system dependencies, potentially via sudo. Prefer using a container or manually installing prerequisites, and do not search for secrets, private customer data, or sensitive internal terms unless sending them to Google is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly performs outbound Google searches and its installer downloads packages and browser components, yet the metadata does not declare corresponding permissions or capabilities. This can mislead users and policy systems about what the skill will do, reducing informed consent and weakening enforcement around network-enabled behavior.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The install script goes beyond setting up a local Python environment and invokes Scrapling's installer to add browsers and system dependencies, optionally with sudo. That expands the trust boundary from a local venv package install to privileged host modification, which is risky for a skill whose stated purpose is only running Google queries and parsing results.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The install documentation states that the installer may attempt sudo and install Playwright system dependencies, which can modify the host outside the local venv. Encouraging privilege escalation and system-level package changes without a prominent warning increases the risk of unintended host modification or abuse if the install path or dependencies are compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code sends the user-provided query to Google over the network using a stealth-oriented fetcher, but it provides no explicit warning, consent step, or privacy notice before transmitting potentially sensitive input. In an agent skill context, users may assume a local tool action, so silent external transmission can expose personal, proprietary, or regulated data.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if [ -x "$SCRAPLING_BIN" ]; then
  if command -v sudo >/dev/null 2>&1; then
    echo "[stealthy-google-search] running: sudo -E $SCRAPLING_BIN install"
    sudo -E env DEBIAN_FRONTEND=noninteractive "$SCRAPLING_BIN" install
  else
    echo "[stealthy-google-search] running: $SCRAPLING_BIN install"
    env DEBIAN_FRONTEND=noninteractive "$SCRAPLING_BIN" install
  fi
fi
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if [ -x "$SCRAPLING_BIN" ]; then
  if command -v sudo >/dev/null 2>&1; then
    echo "[stealthy-google-search] running: sudo -E $SCRAPLING_BIN install"
    sudo -E env DEBIAN_FRONTEND=noninteractive "$SCRAPLING_BIN" install
  else
    echo "[stealthy-google-search] running: $SCRAPLING_BIN install"
    env DEBIAN_FRONTEND=noninteractive "$SCRAPLING_BIN" install
  fi
fi
Confidence
96% confidence
Finding
sudo -E

VirusTotal

66/66 vendors flagged this skill as clean.