Web Insight

Security checks across malware telemetry and agentic risk

Overview

This web-search skill is broadly coherent, but it sends API keys and search terms over plain HTTP and saves full results locally by default, so users should review it before installing.

Install only if you are comfortable sending your Feedax API key and search terms to the configured service and having results saved on the local Desktop by default. Avoid sensitive investigations unless the endpoint is changed to HTTPS, API-key checks stop printing secrets, triggers are narrowed, and saving results becomes explicit or user-controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill appears to use environment access, local file read/write, and network capabilities without declaring corresponding permissions in SKILL.md. This creates a transparency and consent gap: an agent or reviewer may authorize the skill based on incomplete metadata while the implementation can access secrets and persist data locally or exfiltrate results over the network.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The documented purpose is web content search and analysis, but the detected behaviors include unrelated CLI utilities and writing search results to a local Desktop JSON file. This mismatch is dangerous because hidden or undocumented behaviors increase the chance of unexpected local data persistence, misuse of the host environment, and reduced ability for users or orchestration systems to assess risk accurately.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The CLI automatically persists retrieved content and the full request parameters, including the user's query and filters, to a local JSON file on the Desktop without an explicit opt-in or warning. In a monitoring/intelligence tool, searches may contain sensitive investigative terms, targets, or internal context, so silent disk persistence creates avoidable data exposure to other local users, backups, sync tools, or endpoint indexing.

Missing User Warnings

High
Confidence
99% confidence
Finding
The client is configured to send queries, filters, and the API key to a remote service over plain HTTP rather than HTTPS. Because this skill handles potentially sensitive search terms and includes credentials in both the JSON body and headers, any attacker on the network path can intercept or modify requests and responses.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger list includes very broad, high-frequency words such as 搜索 (search), 检索 (retrieve), 查找 (look up), 查询 (query), 信息 (information), and 监测 (monitor), which can cause the skill to activate in many unrelated conversations. In an agent environment, overbroad auto-invocation can unintentionally route benign user requests into external web-search and data-processing flows, increasing the chance of unnecessary data exposure, surprising behavior, and unintended API usage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that complete search results are automatically saved to a desktop directory, but it does not require a clear user-facing warning or consent step before writing data to local storage. Because this skill handles potentially sensitive monitoring and intelligence results, silent persistence can create privacy, retention, and data leakage risks, especially on shared machines or managed agent hosts.

VirusTotal

67/67 vendors flagged this skill as clean.