AEO Prompt Question Finder

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it queries Google Autocomplete for question ideas, with a clearly documented optional search-volume lookup that uses DataForSEO credentials.

Install only if you are comfortable sending search topics to Google Autocomplete. Use `--volume` only when you intentionally want DataForSEO enrichment, and prefer dedicated DataForSEO credentials for it, because that mode reads local credentials and sends keyword lists to DataForSEO.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation indicates capabilities for network access, shell execution, and environment access, but it does not declare permissions or clearly bound those behaviors. That gap reduces transparency and makes it easier for a caller to invoke code that reaches external services or local secrets without an explicit trust decision.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims to find Google Autocomplete questions, but it also optionally authenticates to a third-party SEO service and retrieves search-volume data using credentials from environment variables or macOS Keychain. This description-behavior mismatch is dangerous because users may approve or run the skill expecting simple autocomplete lookups, while it can also access local secrets and send data to an external paid service.

Credential Access

High
Category
Privilege Escalation
Content
- `--modifiers what how why should` — override default modifiers (default: what how why should can does is when where which will are do)
- `--delay 0.5` — seconds between requests (use 0.5–1.0 when running many topics in batch)
- `--json` — output as JSON for programmatic use
- `--volume` — fetch avg monthly search volume via DataForSEO (reads creds from macOS Keychain: `dataforseo-login` / `dataforseo-password`, or env vars `DATAFORSEO_LOGIN` / `DATAFORSEO_PASSWORD`)
- `--location 2840` — DataForSEO location code (default: 2840 = US)
- `--lang en` — language code for volume lookup (default: en)
Confidence
90% confidence
Finding
Keychain

VirusTotal

66/66 vendors flagged this skill as clean.
