ClawHub

fofa-query

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed FOFA asset-search helper that uses a FOFA API key and sends user-directed searches to FOFA, with no evidence of hidden execution, persistence, or destructive behavior.

Install only if you intend to use FOFA for authorized asset discovery or security research. Keep FOFA_API_KEY private, use narrow queries, and remember that FOFA receives the domains, IPs, organizations, and search terms you submit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires environment access for FOFA_API_KEY and makes network calls to a third-party service, but it does not declare permissions in a way that clearly exposes those capabilities to the caller. This creates a transparency and consent gap: users may trigger a networked skill that consumes secrets and transmits query content externally without an explicit permission boundary.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to match many generic security, asset discovery, and vulnerability-research requests, which can cause the skill to be invoked when the user did not specifically intend to use FOFA. In context, that means user prompts may be redirected into third-party querying and credentialed network activity unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explains how to configure FOFA credentials but does not clearly warn that user queries and the configured credential will be sent to a third-party service. This is dangerous because sensitive targets, investigative intent, internal identifiers, or proprietary search terms could be disclosed externally without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal