ClawHub

Searxng 1

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SearXNG search skill with real privacy and TLS caveats, but no evidence of hidden or malicious behavior.

Install this only if you trust the SearXNG instance in SEARXNG_URL. Prefer your own local instance, avoid sending secrets or sensitive internal text as search queries, and enable TLS verification or use a trusted certificate setup if connecting to a remote HTTPS instance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes a Python script, depends on an environment variable, and performs outbound requests to a SearXNG instance, yet it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or platforms may approve the skill without understanding that it reads configuration from the environment and can access the network.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README strongly emphasizes privacy but does not clearly warn that SearXNG forwards user queries to upstream search engines, and it explicitly suggests use of public instances. This can mislead users into believing searches remain fully local/private when in reality sensitive queries may be disclosed to third parties, especially on public or misconfigured instances.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The triggers 'search for', 'search web', 'find information', and 'look up' are broad, natural phrases likely to appear in ordinary conversation. This can cause the skill to activate unexpectedly and route user queries through this skill instead of safer or intended built-in behavior, increasing the chance of unintended network access and command shadowing.

Missing User Warnings

Low
Confidence
78% confidence
Finding
User search terms are transmitted to the configured SearXNG instance, yet the CLI does not clearly disclose at execution time that queries leave the local process and are sent over the network. In an agent-skill context, users may assume a 'local/privacy-respecting' search is entirely local, so missing disclosure can cause unintended data sharing to whatever endpoint is configured in SEARXNG_URL.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger 'search for' overlaps with a built-in search command, creating a shadowing risk where this skill may intercept requests intended for core functionality. In context, that means user queries could be redirected to an external/local SearXNG endpoint without clear user intent, altering trust boundaries and behavior.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger 'search web' also conflicts with built-in search semantics and can cause ambiguous routing. Because the skill performs network-backed searches, unintended activation can expose user queries to a configured search service and bypass expected built-in safeguards or UX.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84% confidence
Finding
The trigger 'find information' overlaps with generic assistant behavior and the built-in 'find' command, making accidental interception plausible. In this skill's context, interception is more concerning because it can initiate network queries to a configurable endpoint for routine user requests.

Unsafe Defaults

Medium
Category
Tool Misuse
Content
## SSL/TLS Notes

The skill is configured to work with self-signed certificates (common for local SearXNG instances). If you need strict SSL verification, edit the script and change `verify=False` to `verify=True` in the httpx request.

## Troubleshooting
Confidence
96% confidence
Finding
verify=False

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal