Serpapi Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed SerpAPI search wrapper with optional Airtable logging. Users should understand the external data flows, but the artifacts do not show hidden or malicious behavior.

Install only if you are comfortable sending search queries and results to SerpAPI. Leave SERP_LOG_AIRTABLE disabled unless you intentionally want queries and full result JSON stored in Airtable, and use a least-privilege Airtable token limited to the intended base/table. Install mcporter from a trusted source and avoid using highly sensitive search terms with this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs outbound network access to SerpAPI’s MCP endpoint, but the metadata shown in the skill file does not declare corresponding permissions. Undeclared network capability weakens review and consent controls because operators and users may not realize queries and results are being sent to an external service.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script’s stated role is SerpAPI search support, but it additionally persists full search results and derived metadata into Airtable. This creates an undisclosed secondary data flow that can capture sensitive queries, result URLs, and response content beyond what a user would reasonably expect from a search-only skill.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill includes third-party database interaction with Airtable that is not necessary to perform a SerpAPI search. Introducing unrelated external storage increases the attack surface and can exfiltrate user queries and result data to another service under separate access controls and retention policies.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script accepts a raw API key on the command line and then uses it for direct outbound HTTPS calls, bypassing the stated MCP-server integration model. Command-line secrets are commonly exposed via process listings, shell history, logs, and orchestration metadata, so this weakens secret handling and breaks the isolation users may expect from MCP-mediated access.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script's stated purpose is to run SerpAPI searches, but it also contains an optional path that exports search queries and returned data to Airtable. Even though logging is disabled by default, this creates an additional data exfiltration channel for potentially sensitive user queries and search results that is not inherent to the core search function.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The Airtable integration is a third-party data sink unrelated to the narrow function advertised by the skill, which increases attack surface and privacy risk. A user invoking a web search skill would not reasonably expect their query and result payloads to be sent to Airtable, so the mismatch between declared purpose and actual behavior is security-relevant.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not clearly warn that user search queries and full returned results are sent to third-party services and may also be persisted to Airtable. This creates a privacy and data-handling risk, especially if users include sensitive terms, because their data may be disclosed or stored without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends stdin-derived SerpAPI output plus environment-derived metadata such as query, engine, mode, and identifiers to Airtable without any runtime notice, consent, or warning. If search inputs contain sensitive user data, this silently transfers that data to a third party and may violate privacy expectations or policy boundaries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API key is embedded directly in the request URL query string. Query-string secrets are prone to leakage through logs, proxies, monitoring tools, exception messages, browser/history equivalents in tooling, and upstream infrastructure, making credential exposure more likely than if the secret were sent in a header or otherwise handled outside the URL.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
When enabled, the script transmits the user's search query and the JSON results to Airtable without any runtime warning or consent mechanism at the point of transmission. Search terms can contain sensitive business, personal, or investigative information, so silent forwarding to a third party can cause privacy leakage and compliance issues.

VirusTotal

66/66 vendors flagged this skill as clean.
