API-Free Aggregated Search: Multi Search Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only helper for searching public search engines, with no code execution, credential access, persistence, or hidden local access shown.

Install only if you are comfortable sending search queries to the selected search providers. Do not include secrets, private internal project names, personal data, credentials, or confidential business terms in searches, and verify the ClawHub publisher/slug/version because the bundled metadata is not fully consistent with the registry metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill includes ready-to-use web_fetch examples that directly send arbitrary queries to third-party search engines, but it does not warn users that their prompts, search terms, or potentially sensitive data will be disclosed to external services. In an agent setting, users may paste confidential terms, internal hostnames, or personal data into search queries, creating unintended privacy leakage and possible logging by multiple providers.

VirusTotal

65/65 vendors flagged this skill as clean.
