ClawHub

SearXNG Web Search

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but by default it sends search queries to an unknown public SearXNG server over unencrypted HTTP without a clear privacy warning.

Install only if you trust the configured SearXNG server. Before using it for private, client, account, health, legal, financial, or workplace-sensitive searches, set SEARXNG_ENDPOINT to a trusted HTTPS or self-hosted instance. Treat results as web-search output from Baidu/Bing through that endpoint, not as private local search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation examples are framed as ordinary conversational requests like “帮我搜索…” and “搜索今天的新闻,” which can cause the skill to trigger unintentionally during normal chat. In an agent environment with external network access, overly broad activation increases the chance of silent data egress or unintended queries to third-party services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README describes the configurable SearXNG endpoint but does not clearly warn users that their search terms will be transmitted to an external SearXNG instance, with a default endpoint set to a public IP over plain HTTP. This creates a meaningful privacy and integrity risk because user queries may contain sensitive information and can be observed, logged, or modified by the remote service or network intermediaries.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Defaulting to zh-CN and prioritizing Baidu without clear user choice can route user queries through region-specific engines and influence both where data is sent and what results are returned. While not a direct exploit primitive, it creates consent, privacy, and result-bias concerns that matter more in a networked search skill handling arbitrary user prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user search queries to a configurable remote SearXNG endpoint, and the default endpoint is a non-local `http://` server. Without an explicit warning, users may unknowingly transmit potentially sensitive queries to a third-party host over an unencrypted connection, exposing query contents and metadata to interception or logging.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal