SearXNG-lite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed multi-engine search tool, so its network requests are expected, but users should avoid sending sensitive queries to it.

Install dependencies in a virtual environment if possible. Do not search for secrets, credentials, customer data, private internal URLs, or sensitive proprietary topics, because selected providers and any proxy may receive and log the query. Only configure a proxy you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly invokes a local Python script that performs outbound web requests and can consume environment-based proxy settings, yet no permissions are declared. This can mislead operators and downstream policy systems about the skill's true capabilities, reducing oversight for network access and environment-variable use.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill exceeds its declared role as a web-search aggregator by including translation, computational answering, image search, and video retrieval engines. This capability expansion increases data-sharing surface and can cause policy/consent mismatches, because user prompts may be routed to services they would not reasonably expect from the manifest.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The Lingva translation function is not necessary for a search aggregation skill and sends arbitrary user text to a third-party translation service. That creates an unexpected external-transmission path for potentially sensitive prompts, beyond the user's likely understanding of this skill's purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The Wolfram|Alpha integration is an answer/computation feature rather than search aggregation, and it transmits raw user queries to a third-party computational API. This broadens the skill's authority and may expose sensitive analytical or proprietary queries to an external service without clear scoping or notice.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill encourages users to submit arbitrary queries to a script that forwards them to multiple third-party services, but it does not prominently warn that those queries leave the local environment. Sensitive prompts, internal project names, credentials, or proprietary research terms could be unintentionally disclosed to external providers or proxies.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The core behavior of the skill is to transmit user-supplied queries to numerous third-party services, but the code provides no consent prompt, redaction, or disclosure mechanism. In an agent setting, users may submit secrets, internal project names, or sensitive research topics, making silent multi-destination forwarding a meaningful privacy risk.

External Transmission

Medium
Category
Data Exfiltration
Content
# ── Utilities ──

def _wolframalpha(query: str, client: httpx.Client, **_) -> list[dict]:
    resp = client.get("https://api.wolframalpha.com/v1/result",
        params={"i": query, "appid": "DEMO"},
        headers={"User-Agent": _ua()}, follow_redirects=True, timeout=10)
    if resp.status_code == 200 and resp.text:
Confidence
90% confidence
Finding
https://api.wolframalpha.com/

VirusTotal

66/66 vendors flagged this skill as clean.
