ClawHub

Serper Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Serper.dev search helper that uses an API key and sends search or Places queries to Serper, with no hidden execution or persistence.

Install only if you are comfortable giving the agent a Serper API key and sending intended search terms to Serper.dev. Do not use it for secrets, confidential business terms, regulated data, or personal information unless that third-party handling is acceptable, and handle returned business phone/address data according to applicable privacy, marketing, and retention rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest and top-level description position the skill as a Google organic search utility, but the documentation adds a Places/Maps capability that returns phone numbers, addresses, ratings, and websites for lead generation. This scope expansion increases data collection sensitivity and can cause the agent to use the skill for contact harvesting without clear declaration or consent expectations.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description is broad enough to match many generic information-seeking tasks, which can cause over-invocation of a third-party networked skill. That increases the chance that user queries or sensitive research prompts are unnecessarily transmitted to Serper without the user realizing an external service is being used.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documented search function sends arbitrary user-provided queries to an external API, but the skill does not include an explicit warning that user input will leave the local environment. If users or downstream agents pass sensitive prompts, proprietary terms, or personal data, that information is disclosed to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Places example encourages collection of business contact details and transmits place-search queries to a third party without warning about data sharing or responsible handling. This makes the skill more sensitive than ordinary search because it explicitly facilitates contact harvesting workflows.

External Transmission

Medium
Category
Data Exfiltration
Content
"Content-Type": "application/json"
    }
    payload = {"q": query, "num": num, "gl": gl}
    r = requests.post("https://google.serper.dev/search", headers=headers, json=payload)
    r.raise_for_status()
    
    results = r.json().get("organic", [])
Confidence
90% confidence
Finding
requests.post("https://

External Transmission

Medium
Category
Data Exfiltration
Content
"""
    headers = {"X-API-KEY": os.environ["SERPER_API_KEY"], "Content-Type": "application/json"}
    payload = {"q": query, "gl": gl}
    r = requests.post("https://google.serper.dev/places", headers=headers, json=payload)
    return r.json().get("places", [])

# Places returns website URLs + phone numbers directly — great for lead gen!
Confidence
91% confidence
Finding
requests.post("https://

External Transmission

Medium
Category
Data Exfiltration
Content
"Content-Type": "application/json"
    }
    payload = {"q": query, "num": num, "gl": gl}
    r = requests.post("https://google.serper.dev/search", headers=headers, json=payload)
    r.raise_for_status()
    
    results = r.json().get("organic", [])
Confidence
90% confidence
Finding
requests.post("https://google.serper.dev/search", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
"""
    headers = {"X-API-KEY": os.environ["SERPER_API_KEY"], "Content-Type": "application/json"}
    payload = {"q": query, "gl": gl}
    r = requests.post("https://google.serper.dev/places", headers=headers, json=payload)
    return r.json().get("places", [])

# Places returns website URLs + phone numbers directly — great for lead gen!
Confidence
91% confidence
Finding
requests.post("https://google.serper.dev/places", headers=headers, json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal