cn-ai-search

Security checks across malware telemetry and agentic risk

Overview

This search skill mostly does what it claims, but it under-discloses third-party query routing and ships embedded API keys.

Install only if you are comfortable with search terms being sent to external search engines and Jina Reader. Treat the bundled API keys as unsafe shared credentials: replace them with your own environment-managed keys or remove them, and avoid submitting sensitive, proprietary, or regulated queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises an out-of-the-box search tool, and static analysis indicates it performs network operations without declaring the corresponding permissions. Undeclared network capability is dangerous because neither users nor the hosting agent can make an informed trust decision, and the skill may send queries or metadata to external services without anyone expecting it.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a substantive behavior mismatch, not just a documentation gap: the code reportedly sends data to an undisclosed external Jina Reader service, attaches an Authorization header carrying a Jina API key, and also contains a Tavily API key, while the documentation describes this functionality incompletely or not at all. Hidden third-party data flows and embedded credentials materially increase privacy, supply-chain, and secret-exposure risk, especially for a search skill that processes potentially sensitive user queries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes multi-platform search and Tavily-based AI summarization but does not clearly disclose that user queries may be transmitted to multiple external services. In an agent context, users may pass sensitive prompts, internal research topics, or proprietary data, so lack of disclosure and consent creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The tool sends the user's search term to multiple third-party services (search engines and the Jina proxy) without any explicit notice, consent flow, or minimization. Search queries can contain sensitive personal, corporate, or investigative information, so silent transmission to several external providers creates a real privacy and data-exposure risk.
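The three findings above (undeclared network capability, an undisclosed Jina Reader call with a bundled key, and silent transmission of queries to several providers) can be checked mechanically before installing a skill. The following is an added example, not code from the skill or from SkillSpector: a static pass over one Python source file that lists credential-looking names bound to string literals, every host named in a URL literal, Authorization headers, and the difference between contacted hosts and the hosts the documentation declares. The sample source, the hostnames (api.tavily.com, r.jina.ai), the variable names and the key shapes are all constructed for the example.

```python
import ast
import re
from urllib.parse import urlparse

# Constructed stand-in for the kind of source the findings describe: a search
# skill that posts the query to one search API, fetches pages through a Jina
# Reader proxy, and ships both keys in the code. Not the skill's real source;
# hostnames, key names and key shapes are assumptions for this example.
SAMPLE_SOURCE = '''
import requests

TAVILY_API_KEY = "tvly-EXAMPLE-0000000000000000"     # constructed placeholder
JINA_API_KEY = "jina_EXAMPLE_0000000000000000"       # constructed placeholder

def search(query):
    resp = requests.post("https://api.tavily.com/search",
                         json={"query": query, "api_key": TAVILY_API_KEY})
    return resp.json()

def read_page(url):
    resp = requests.get("https://r.jina.ai/" + url,
                        headers={"Authorization": "Bearer " + JINA_API_KEY})
    return resp.text
'''

# Hosts the skill's documentation declares (assumed: the README names only the
# search/summarisation provider, not the reader proxy).
DECLARED_HOSTS = {"api.tavily.com"}

CREDENTIAL_NAME = re.compile(r"(api[_-]?key|secret|token|password)", re.I)
URL_IN_STRING = re.compile(r"https?://[^\s\"'<>]+")


def scan_skill_source(source, declared_hosts):
    """Static pass over one Python file: bundled credentials, outbound hosts,
    Authorization headers, and which hosts the documentation never declared."""
    tree = ast.parse(source)
    credentials, hosts, auth_headers = [], set(), 0
    for node in ast.walk(tree):
        # Credential-looking name bound to a string literal: a shipped key.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) \
                and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                    credentials.append(target.id)
        # Any URL literal names a host the skill can send data to.
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_IN_STRING.findall(node.value):
                host = urlparse(url).hostname
                if host:
                    hosts.add(host)
        # An Authorization header means a credential leaves the process.
        if isinstance(node, ast.Dict):
            auth_headers += sum(
                1 for key in node.keys
                if isinstance(key, ast.Constant) and key.value == "Authorization")
    return {
        "embedded_credentials": credentials,
        "contacted_hosts": sorted(hosts),
        "undeclared_hosts": sorted(hosts - set(declared_hosts)),
        "auth_headers": auth_headers,
    }


def install_decision(report):
    """Mirror the overview's advice: block on bundled keys or undeclared data flows."""
    if report["embedded_credentials"]:
        return "block: replace bundled keys with environment-managed ones"
    if report["undeclared_hosts"]:
        return "block: undeclared outbound hosts " + ", ".join(report["undeclared_hosts"])
    return "allow"


if __name__ == "__main__":
    report = scan_skill_source(SAMPLE_SOURCE, DECLARED_HOSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(install_decision(report))
```

Run against the constructed sample, the scan reports two embedded credentials, two contacted hosts of which r.jina.ai is undeclared, and one Authorization header, which is exactly the shape of the findings above. A real review would run the same pass over every file in the skill and treat any credential bound to a literal as a shared, already-exposed key, regardless of which provider it belongs to.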

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
pydantic>=2.0.0
click>=8.0.0
Confidence
93% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
pydantic>=2.0.0
click>=8.0.0
Confidence
93% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
pydantic>=2.0.0
click>=8.0.0
Confidence
93% confidence
Finding
pydantic>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
pydantic>=2.0.0
click>=8.0.0
Confidence
93% confidence
Finding
click>=8.0.0

Known Vulnerable Dependency: requests. 10 advisory(ies): CVE-2014-1830 (exposure of sensitive information to an unauthorized actor; affects requests before 2.3.0); CVE-2024-47081 (.netrc credentials leak via malicious URLs; fixed in 2.32.4); CVE-2024-35195 (a Session that made its first request with verify=False keeps skipping certificate verification; fixed in 2.32.0) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests. The `>=2.31.0` floor admits 2.31.0, which predates the fixes for CVE-2024-35195 (2.32.0) and CVE-2024-47081 (2.32.4), so a resolver that happens to pick the oldest allowed release installs a vulnerable one. CVE-2014-1830 affects only releases before 2.3.0 and cannot be pulled in by this floor; it is noise in this list. Raise the floor to at least 2.32.4 and pin it.

Known Vulnerable Dependency: pydantic. 2 distinct advisory(ies), one listed twice by the scanner: CVE-2021-29510 (the string "infinity" passed to datetime and date fields causes an infinite loop; affects pydantic before 1.6.2); CVE-2024-3772 (regular expression denial of service in email validation; fixed in 2.4.0 and 1.10.13)

High
Category
Supply Chain
Confidence
82% confidence
Finding
pydantic. CVE-2021-29510 was fixed in 1.6.2 and the 2.x line was never affected, so the `>=2.0.0` floor already excludes it. CVE-2024-3772, however, was fixed in 2.4.0, so the floor admits vulnerable 2.0.x through 2.3.x releases. Raise the floor to at least 2.4.0 and pin it.
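The four Unpinned Dependencies findings and the two Known Vulnerable Dependency findings are one problem viewed twice: a `>=` floor with no upper bound admits both the oldest release above the floor and every future release. The following is an added example, not part of the page or of the skill, that evaluates the skill's own four requirement lines against the advisories the findings name, reports which advisories each floor still admits, and emits exact pins at or above every known fix. The fix-version table is built from the public advisories for these CVEs; the function and variable names are this example's own.

```python
import re

# The version floors the skill ships, copied from the requirements content above.
REQUIREMENTS = [
    "requests>=2.31.0",
    "beautifulsoup4>=4.12.0",
    "pydantic>=2.0.0",
    "click>=8.0.0",
]

# First fixed release for each advisory the findings name. This table is the
# example's own, built from the public advisories; it is not scanner output.
FIXED_IN = {
    "requests": {
        "CVE-2014-1830": "2.3.0",    # affects < 2.3.0 only
        "CVE-2024-35195": "2.32.0",  # Session keeps verify=False after first request
        "CVE-2024-47081": "2.32.4",  # .netrc credential leak via crafted URL
    },
    "pydantic": {
        "CVE-2021-29510": "1.6.2",   # 1.x line; 2.x was never affected
        "CVE-2024-3772": "2.4.0",    # ReDoS in email validation (also 1.10.13)
    },
}

REQ_LINE = re.compile(r"\s*([A-Za-z0-9_.\-]+)\s*(==|>=)\s*([0-9]+(?:\.[0-9]+)*)\s*")


def parse_version(text):
    # Numeric tuples, not strings: "2.31.0" is newer than "2.3.0", which a
    # lexical comparison gets wrong.
    return tuple(int(part) for part in text.split("."))


def parse_requirement(line):
    match = REQ_LINE.fullmatch(line)
    if not match:
        raise ValueError(f"unsupported requirement: {line!r}")
    name, op, version = match.groups()
    return name.lower(), op, version


def admitted_advisories(line, table=FIXED_IN):
    """Advisories whose fix is newer than the oldest version the line admits.
    For both '>=' and '==' that oldest version is the one written down."""
    name, _op, floor = parse_requirement(line)
    return sorted(cve for cve, fixed in table.get(name, {}).items()
                  if parse_version(floor) < parse_version(fixed))


def harden(line, table=FIXED_IN):
    """Pin exactly, at or above every known fix. Where no advisory is known the
    floor itself is pinned; replace it with the release you actually tested."""
    name, _op, floor = parse_requirement(line)
    fixes = [parse_version(v) for v in table.get(name, {}).values()]
    pinned = max(fixes + [parse_version(floor)])
    return f"{name}=={'.'.join(str(n) for n in pinned)}"


def audit(requirements=REQUIREMENTS):
    return {line: admitted_advisories(line) for line in requirements}


if __name__ == "__main__":
    for line, cves in audit().items():
        status = ", ".join(cves) if cves else "no known advisory admitted"
        print(f"{line:28} {status}")
    print("\nhardened requirements.txt:")
    for line in REQUIREMENTS:
        print(harden(line))
```

The audit shows the two floors that matter: `requests>=2.31.0` admits CVE-2024-35195 and CVE-2024-47081, and `pydantic>=2.0.0` admits CVE-2024-3772, while CVE-2014-1830 and CVE-2021-29510 are excluded by the floors as written. Exact pins close the lower end; to close the upper end against a future malicious release, install with `pip install --require-hashes` from a lock file generated with `pip-compile --generate-hashes` (pip-tools) or an equivalent tool.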

VirusTotal

0/65 vendors flagged this skill; all 65 reported it clean. A clean antivirus verdict covers known malware signatures only and says nothing about the undisclosed data flows and embedded credentials described in the findings above.

View on VirusTotal