ClawHub

My Searxng

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SearXNG search skill, but users should verify the configured search server before using it.

Before installing, edit scripts/searxng.ini so it points to a SearXNG instance you control or explicitly trust. Treat searches as visible to that instance and possibly to its upstream engines, avoid sensitive queries on public instances, and be aware that HTTPS certificate checks are disabled by the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill performs network access to a local SearXNG instance and explicitly states it may auto-create a configuration file, yet it declares no permissions. This creates a capability/permission mismatch that can surprise users and weaken trust boundaries, especially because file writes and outbound requests happen implicitly during normal use.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger list includes very broad phrases such as general web-search verbs in multiple languages, which can cause the skill to activate unexpectedly on ordinary conversation. In an agent environment, overbroad activation can lead to unintended network access, disclosure of user prompts to the configured search backend, or tool invocation when the user did not intend to search externally.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad everyday phrases such as 'search for', 'find information', and multiple common Chinese phrases, making accidental invocation likely. In a network-enabled skill, unintended activation can cause unplanned web queries, data disclosure in search terms, and shadowing of other assistant functionality.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user search queries to a configured SearXNG endpoint over the network without any user-facing disclosure or confirmation, despite being presented as a privacy-respecting search tool. This is more dangerous in skill context because users may assume searches stay local or private, while the configured endpoint may be remote, operator-controlled, or use insecure transport, causing unintended disclosure of sensitive prompts or research activity.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger 'search for' overlaps a built-in search-style command and can shadow native behavior. Because this skill performs live network searches, users may unknowingly invoke the skill instead of a built-in feature, causing unintended external requests and reducing predictability of command routing.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger 'search web' is highly likely to collide with built-in search behavior. In context, this is more dangerous because the skill can make outbound queries to a configured instance, so a collision can redirect ordinary assistant usage into a third-party/local service without clear user awareness.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
86% confidence
Finding
The trigger 'find information' is an extremely generic phrase that can intercept common assistant requests and reroute them into this skill. Given that the skill issues network requests, accidental routing can expose sensitive or private queries to the configured SearXNG instance and produce confusing behavior for users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal