ClawHub

Unified Web Search (Iyeque)

Security checks across malware telemetry and agentic risk

Overview

This search skill is mostly purpose-aligned, but it runs an undeclared neighboring Tavily helper script with the full environment, so it needs review before use.

Install only if you trust the separate tavily-search helper present next to this skill and are comfortable running it with environment credentials. Prefer a restricted environment containing only TAVILY_API_KEY, avoid sensitive search queries unless intended for Tavily, and use local search only when exposing matching workspace filenames and paths is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims broad source selection and ranked provenance-based search, but the implementation description indicates it only supports Tavily and local filesystem searches while also accessing workspace files. This mismatch is dangerous because users may unknowingly expose queries to external services or permit local file enumeration under false assumptions about what the skill actually does and how it chooses sources.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not prominently warn that user queries may be transmitted to an external provider such as Tavily, which can leak sensitive prompts, internal project names, or other confidential data. In a search skill, this context makes the issue more dangerous because users are likely to enter arbitrary natural-language queries without realizing they may leave the local environment.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The local search feature returns full filesystem paths from the workspace, which can leak internal directory structure and sensitive project metadata to callers. In an agent setting, even filename-only matching can disclose the existence and naming of confidential files without an explicit consent or disclosure boundary.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends user queries to Tavily, an external network service, without any visible consent, disclosure, or policy gate in this file. In a unified search tool, users may reasonably expect local-only handling unless remote transmission is made explicit, so sensitive prompts or internal terms could be exfiltrated to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal