Parallel 1.0.1

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it quietly includes a default Parallel.ai API key that could send searches through an unknown account.

Review this before installing. The search functionality is purpose-aligned, but configure your own PARALLEL_API_KEY and avoid relying on the bundled key. Do not submit secrets, regulated data, or proprietary queries unless you are comfortable sending them to Parallel.ai, and consider pinning or verifying the Python dependency before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable capabilities via shell commands and environment/API-key usage but does not declare any permissions. This creates hidden execution and secret-access behavior that can bypass user expectations and policy controls, especially in agent frameworks that rely on explicit permission metadata for gating risky actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is generic web search, but the behavior reportedly extends to specialized research workflows, async task handling, and embedded default API key usage. This mismatch is dangerous because it obscures the real data flows and operational scope of the skill, increasing the chance of undisclosed third-party transmission, unintended automation, and credential misuse.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code embeds a hardcoded fallback API key, which means anyone with access to the skill source can use that credential to access the external Parallel.ai service. This is a real secret exposure issue and can enable unauthorized API consumption, billing abuse, and potential attribution of third-party activity to the skill author.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Using the trigger phrase "research" makes the skill eligible for activation in a very wide range of unrelated user requests. In agent environments, overly broad triggers can cause accidental invocation of external-networked tooling, leading to unnecessary data disclosure, unintended API usage, or execution of associated scripts without clear user intent.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds a default Parallel.ai API key directly in the code, so anyone with access to the skill can reuse the credential for unauthorized API calls. In an agent skill context, this is especially risky because the key may be silently used in automated workflows, causing credential leakage, quota abuse, billing impact, and accidental sharing across environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user-provided research queries to an external third-party API, but the help text does not clearly disclose that query contents leave the local environment. In an agent setting, users may include sensitive prompts, internal names, or proprietary data, making undisclosed external transmission a meaningful privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The user query is sent directly to a third-party API, but the script provides no disclosure, warning, or consent mechanism before transmitting potentially sensitive research terms off-host. In a research/search skill this data flow is expected functionally, but the lack of transparency still creates a privacy and data-handling risk if users assume queries remain local.

VirusTotal

66/66 vendors flagged this skill as clean.
