ClawHub

anydocs - Generic Documentation Indexing & Search

Security checks across malware telemetry and agentic risk

Overview

This documentation search skill is purpose-aligned, but users should review its browser-gateway, token, broad fetching, and local caching behavior before installing.

Install only if you are comfortable with a tool that can crawl websites, cache their text locally, and optionally use a browser-rendering gateway. Prefer a virtual environment, avoid indexing confidential or authenticated docs unless approved, clear ~/.anydocs/cache when needed, and only use browser gateway tokens with trusted local or HTTPS gateways.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill exposes capabilities that imply network access, local file read/write, shell execution, and environment access, but the manifest does not declare any permissions or warn users about that operational scope. In a skill that indexes arbitrary documentation sites and stores local cache/config files, this lack of transparency weakens reviewability and can lead users or host systems to grant broader access than intended.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README shows `--gateway-token YOUR_TOKEN` directly in example commands in the command reference section, which encourages passing secrets on the command line. CLI arguments are often exposed via shell history, process listings, logs, and terminal recordings, so users may inadvertently leak a real gateway token. In this skill's context, that token authorizes browser-rendering access and could be abused if disclosed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes indexing and caching but does not prominently warn that the tool may download and persist potentially sensitive internal or proprietary documentation content to local storage. Because the skill is explicitly positioned for arbitrary and even internal documentation sites, users may unintentionally ingest confidential data into cache and indexes that remain on disk beyond the immediate session.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
When --use-browser is enabled, the CLI sends page fetches to a configurable gateway and may attach a gateway token, but the command flow does not clearly warn the user that documentation contents and credentials will be transmitted to another network service. This can lead to unintended disclosure if the gateway is remote, misconfigured, or malicious, especially because indexing may crawl many URLs automatically.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code defaults `gateway_url` to `http://127.0.0.1:18789` and sends an `Authorization: Bearer ...` token plus browsing targets over plain HTTP. Even if the default is loopback, this is still insecure by design because deployments may override the host or expose the service through port-forwarding, containers, proxies, or remote interfaces, allowing token disclosure or request interception. In a scraping skill that can fetch arbitrary documentation URLs, compromise of the browser gateway could expand into SSRF-like internal browsing or misuse of privileged browser automation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal