Websearch

Security checks across malware telemetry and agentic risk

Overview

This skill performs the web-search function it advertises, but users should remember that their search terms are sent to external search providers.

Install only if you are comfortable with your search queries and IP address being visible to third-party search engines. Do not use it for passwords, API keys, confidential project names, personal data, or regulated information. The Google mode depends on headless Chromium and may be blocked or brittle; disabling the Google engine is reasonable if you want fewer browser-automation risks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill clearly performs outbound network access to multiple search engines, but the metadata shown does not declare that capability. Undeclared network use weakens user/admin consent and policy enforcement, especially for a skill that can send arbitrary user queries to external services. In this context, the behavior is expected for a web search skill, which lowers suspicion of malice, but it is still a real security transparency and governance issue.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger guidance is very broad and instructs use whenever the user asks to search, verify facts, research topics, or look up information. That can cause the agent to invoke this skill for many ordinary requests without an explicit, deliberate web-search action from the user, leading to unintended external data disclosure and expanded attack surface through unnecessary browsing/scraping. Because this skill performs live network searches, overbroad auto-invocation is more dangerous than in a purely local utility.

Missing User Warnings

Medium
Confidence: 94%
Finding
The function sends the raw user-supplied query to Google via a real browser request, which exposes potentially sensitive user input to a third party without any disclosure or consent mechanism in this code path. In a web-search skill this behavior is expected functionally, but it is still a genuine privacy/security issue because queries may contain secrets, internal terms, or regulated data and are transmitted externally.

Missing User Warnings

Medium
Confidence: 88%
Finding
This skill sends the user's query to multiple third-party search engines by design, but the code provides no notice, consent flow, or minimization before transmitting potentially sensitive user input off-platform. In an agent context, users may reasonably assume the tool is performing a generic search without realizing their exact prompts are being disclosed to six external services, creating a privacy and data-leak risk.

VirusTotal

67/67 vendors flagged this skill as clean.
