Langextract Search

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised web search, model-based extraction, and local result saving workflow, with expected privacy considerations but no evidence of malicious behavior.

Install only if you are comfortable sending search queries and retrieved page snippets to the configured search and model providers. Keep API keys in environment variables where possible, use trusted model base URLs and proxies, consider a virtual environment with pinned dependencies, and delete the output files after sensitive searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill documentation advertises behaviors that imply network access, local file reads/writes, environment/config usage, and shell-based execution, but it does not declare permissions accordingly. This weakens user consent and security review because operators may invoke the skill without understanding its real capabilities, especially given that it can access the network and persist data locally.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The declared description does not fully match the observed behavior: it omits an additional network search integration and does not clearly disclose that outputs are persisted to local files. Undisclosed network destinations and silent persistence materially increase risk because users may expose sensitive queries or data and leave local artifacts they did not expect.

Missing User Warnings

Low
Confidence: 84%
Finding
The markdown states that first-run configuration will save a selection into the project's conf.json, but it does not clearly warn that a local file will be modified. Even if the write is expected, undocumented config mutation can surprise users, interfere with repositories, or overwrite existing settings in shared workspaces.

Missing User Warnings

Low
Confidence: 80%
Finding
The skill prominently offers web search and proxy support but does not include a clear warning that user queries and possibly extracted content will be transmitted to external services. In search/extraction workflows, this matters because prompts may contain sensitive business or personal data, and proxy use can further affect routing and trust boundaries.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script sends user queries and aggregated third-party web content to external services, including a configurable base URL, without a clear non-verbose consent or disclosure path. This creates a real privacy and data-handling risk because sensitive queries or scraped content may be transmitted off-host to vendors or even arbitrary endpoints configured in conf.json.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow persists search queries, fetched web content, model outputs, and optionally full JSON results to disk by default without a prominent warning. This can expose sensitive user interests, proprietary research material, or regulated data to other local users, backups, logs, or downstream tooling that reads the output directory.

VirusTotal

66/66 vendors flagged this skill as clean.
