Kagi Fastgpt

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says for Kagi FastGPT, but its wrapper can download and run an unverified GitHub release binary on first use.

Install only if you are comfortable sending queries to Kagi and using a Kagi API key that may incur charges. Prefer building the included Go source yourself or manually verifying the GitHub release checksum before allowing the wrapper to download and run a prebuilt binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly relies on environment variables and shell commands, but it does not declare corresponding permissions. Undeclared capabilities reduce transparency and can cause the agent or user to invoke a skill without understanding that it will access local environment data and execute shell-based install/build steps.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The wrapper script bootstraps itself by querying GitHub for the latest release and then downloading and executing a prebuilt binary. This creates a software supply-chain risk because runtime behavior depends on remote content outside the reviewed script, and there is no checksum, signature, or pinned version verification before execution.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill has broader capabilities than its declared purpose by building Go code locally or fetching and installing executables from GitHub releases. Even if intended for convenience, this expands the trust boundary to the local toolchain and remote release infrastructure, increasing risk of code execution from tampered source, compromised dependencies, or malicious release assets.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user queries to Kagi's external FastGPT API, which in turn performs live web search, but the description does not clearly warn users that their prompts leave the local environment. This creates a privacy and data-handling risk if users submit sensitive, proprietary, or regulated information assuming the skill is local-only.

External Transmission

Medium
Category
Data Exfiltration
Content
esac

    if command -v curl >/dev/null 2>&1; then
      RELEASE_META="$(curl -fsSL "https://api.github.com/repos/joelazar/kagi-skills/releases/latest")"
    elif command -v wget >/dev/null 2>&1; then
      RELEASE_META="$(wget -qO- "https://api.github.com/repos/joelazar/kagi-skills/releases/latest")"
    else
Confidence
81% confidence
Finding
https://api.github.com/

External Transmission

Medium
Category
Data Exfiltration
Content
    if command -v curl >/dev/null 2>&1; then
      RELEASE_META="$(curl -fsSL "https://api.github.com/repos/joelazar/kagi-skills/releases/latest")"
    elif command -v wget >/dev/null 2>&1; then
      RELEASE_META="$(wget -qO- "https://api.github.com/repos/joelazar/kagi-skills/releases/latest")"
    else
      echo "Error: Neither curl nor wget found. Please download the binary manually from:" >&2
      echo "  https://github.com/joelazar/kagi-skills/releases/latest" >&2
Confidence
81% confidence
Finding
https://api.github.com/

VirusTotal

64/64 vendors flagged this skill as clean.
