Security audit

google-search-web

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google web-search helper, but it sends searches and any optional API key to a third-party service.

Install only if you are comfortable sending search terms to coze-js-api.devtool.uk. Avoid searching private or regulated data, use a key intended only for this provider, prefer AZT_API_KEY over command-line key passing, and install Python dependencies from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly uses environment variables and performs outbound network requests, but it does not declare corresponding permissions. This creates a transparency and governance gap: users and calling systems may not realize the skill can exfiltrate user queries or API keys to an external service, especially since `AZT_API_KEY` may be read implicitly from the environment.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are very broad and match common search-related requests without meaningful scoping or exclusions. In an agent setting, this can cause the skill to activate unexpectedly for generic queries, leading to unnecessary external requests and unintentional disclosure of user prompts or search terms to a third-party service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to send user-supplied search queries and optionally an API key to an external endpoint, but it does not provide a privacy or data-handling warning. This is dangerous because users may unknowingly transmit sensitive search terms and credentials off-platform to `coze-js-api.devtool.uk`, increasing risk of data leakage, third-party retention, or credential misuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits the user's search query and, if present, an API key to a third-party endpoint, but it does not clearly warn the user that their input will leave the local environment. In an agent skill context, users may assume a built-in search capability rather than an external relay service, which creates a meaningful privacy and credential-handling risk.

External Transmission

Medium
Category
Data Exfiltration
Content
payload["api_key"] = azt_api_key  # keep the API field name as api_key

    try:
        response = requests.post(
            API_URL,
            json=payload,
            timeout=150,
Confidence
91% confidence
Finding
requests.post( API_URL, json=

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.