Ceramic Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web search plugin that sends search queries to Ceramic as expected, but users should understand that installing it routes search traffic and an API key through Ceramic-managed services.

Install only if you are comfortable sending search queries, including rewritten variants, to Ceramic’s service and letting this plugin become the preferred web search path for your agent. Do not search for secrets, private customer data, or regulated information unless Ceramic’s policies and your organization’s rules allow it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that natural-language user queries are rewritten via an internal LLM call and then sent to the Ceramic Search API, but it gives no warning that user prompts may be disclosed to third-party services. In an agent setting, users may submit sensitive prompts assuming local handling, so undisclosed external transmission creates a real privacy and data-governance risk.

Natural-Language Policy Violations

Low
Confidence
82% confidence
Finding
The README instructs users to modify TOOLS.md so the agent must always use `ceramic_search` and avoid built-in or alternative search tools, then further disables a competing tool. While not code execution by itself, this steering reduces user choice and can push all search traffic through one third-party provider without contextual justification or informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tool sends user-provided search queries, including LLM-rewritten variants, to external services without any disclosure, consent check, or guard against sensitive data being included in the query. In an agent setting, users may enter secrets, internal project names, or other sensitive prompts that would then be transmitted to both the local LLM rewrite component and Ceramic's external API.

External Transmission

Medium
Category
Data Exfiltration
Content
const maxDescriptionLength = params.maxDescriptionLength ?? 3e3;
        const responses = await Promise.all(
          keywordQueries.map(async (kq) => {
            const res = await fetch("https://api.ceramic.ai/search", {
              method: "POST",
              headers: {
                Authorization: `Bearer ${apiKey}`,
Confidence
92% confidence
Finding
fetch("https://api.ceramic.ai/search", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
const maxDescriptionLength = params.maxDescriptionLength ?? 3e3;
        const responses = await Promise.all(
          keywordQueries.map(async (kq) => {
            const res = await fetch("https://api.ceramic.ai/search", {
              method: "POST",
              headers: {
                Authorization: `Bearer ${apiKey}`,
Confidence
92% confidence
Finding
https://api.ceramic.ai/

VirusTotal

60/60 vendors flagged this plugin as clean.
