searxng-auto-proxy: SearXNG adaptive proxy detection

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly consistent with SearXNG proxy automation, but it can run continuously and automatically change a shared Clash proxy route without tight scoping or clear consent controls.

Install only if you are comfortable with a background service that can control Clash. Use a dedicated Clash instance or SearXNG-only proxy group, keep the Clash API bound to a trusted local network, review the external Docker or pip options before using them, and know how to stop the nohup process and revert proxy settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The adapter does more than observe proxy health: it issues authenticated control-plane-style requests to the Clash API to change the active upstream node. In a skill intended to support SearXNG routing decisions, modifying global proxy state expands authority and can affect unrelated traffic, creating an unnecessary and potentially risky side effect if the skill is compromised or misconfigured.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The code enumerates all available Clash proxy nodes, benchmarks them, and selects a new active node, which gives the skill broad visibility into and influence over the host's proxy infrastructure. That exceeds what is necessary for a search adapter and increases blast radius: a bug or abuse could reroute traffic, degrade privacy, or disrupt other applications sharing the same proxy service.

Missing User Warnings

Medium
Confidence: 86%
Finding
The README advertises automatic proxy switching, engine probing, and node optimization, but does not warn users that the skill can change network routing behavior, affect privacy boundaries, and potentially redirect traffic through different proxy nodes without explicit operator awareness. In a network-facing skill that integrates with Clash and performs automated routing decisions, the absence of disclosure and consent controls is a real security-relevant issue because operators may deploy it without understanding the system and privacy impact.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes automatic proxy detection, engine switching, and a SearXNG restart flow, but it does not prominently warn that normal operation can rewrite search-engine configuration and restart a running service. Hidden operational side effects can cause downtime, unexpected behavior changes, or break existing deployments, especially if invoked in an automated agent context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The monitoring, logging, and alerting sections describe collection of performance and usage data, but they do not explain what data is stored, for how long, where logs are sent, or whether searches/query metadata may be exposed through alerts or dashboards. In a search-related skill, this omission is privacy-relevant because operational logs can easily include sensitive user queries, IPs, engine selections, and infrastructure details.

Ssd 3

Medium
Confidence: 91%
Finding
The report discloses sensitive operational details including internal filesystem paths, log locations, process names/PIDs, container names, internal IPs, exposed ports, service topology, and operator contact info. If this report is shared beyond a trusted audience, an attacker can use the information to map the environment, target services, and accelerate follow-on attacks or social engineering.

VirusTotal

66/66 vendors flagged this skill as clean.
