SearXNG Connect

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned SearXNG web search skill with expected network and local cache behavior, though users should understand the privacy tradeoffs before use.

Install only if you are comfortable sending search terms to the SearXNG instance you configure. Avoid searching secrets or internal identifiers on untrusted instances, use --full-content only when you accept direct requests to result websites, and disable or periodically clear the local cache for sensitive searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs network activity, but the metadata does not declare corresponding permissions or capabilities. This weakens policy enforcement and informed consent because a host system or reviewer may treat the skill as less privileged than it really is.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The description says the skill searches through a self-hosted SearXNG instance, but the documented behavior also includes direct retrieval of external pages and local caching of returned content. That expands both the privacy and data-handling surface beyond what a user would reasonably expect, creating risk of unintended outbound requests and storage of sensitive search-derived data.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill can make direct outbound HTTP requests to arbitrary result URLs when full-content mode is enabled, which materially expands its behavior beyond querying the configured SearXNG instance. This creates privacy and trust-boundary issues because using the skill may reveal access patterns to third-party sites and may fetch untrusted content without the user realizing that extra network activity occurs.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The top-level documentation states that all searches go through the self-hosted SearXNG instance, but full-content mode later performs direct requests to external sites. That mismatch can mislead users into assuming stronger privacy guarantees than actually provided, which is a security-relevant transparency failure in a privacy-focused search skill.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The statement that the skill will 'automatically be available' when web search is needed is an overly broad invocation description that can cause the skill to activate in many ordinary contexts. In an agent environment, ambiguous triggers increase the chance of unintended web access, data egress to the configured SearXNG instance, and user-surprising behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage examples are generic everyday-language phrases such as 'Search the web' and 'Search news about X,' which are likely to overlap with common conversation and other skills. In a multi-skill system this ambiguity can cause over-triggering, unintended browsing, and leakage of prompts or sensitive topics to an external service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly advertises local caching of search terms and documents a persistent cache directory, but it does not clearly warn users that their queries and associated metadata may be written to disk. Because search queries can contain sensitive or regulated information, this creates a real privacy and data-retention risk, especially on shared systems or developer workstations.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger guidance is broad enough that ordinary user requests to 'search' could automatically invoke web access without a clear confirmation boundary. In an agent setting, broad triggers can cause unintended transmission of user queries to external services and may surface untrusted web content too readily.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown does not warn users that their queries will be sent to the configured SearXNG instance and may then propagate to upstream search engines. This is a privacy transparency issue: sensitive prompts, names, or internal terms could leave the local environment without adequate disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Search results, including optionally fetched full page text, are cached on disk under the user's home directory by default. This can expose sensitive queries and retrieved content to other local users, backups, or later forensic recovery if the user expects ephemeral/private operation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
When full-content mode is enabled, the tool contacts each result URL directly and downloads page content, exposing the client IP/user agent to third-party sites and potentially retrieving tracking or unexpected content. In a privacy-oriented skill, this is a meaningful privacy and security risk if not prominently disclosed and consented to.

Session Persistence

Medium
Category
Rogue Agent
Content
This will:
1. Check for Python 3.9+
2. Install `requests` library if needed
3. Create cache directory if it doesn't exist

## Configuration
Confidence
89% confidence
Finding
Create cache directory if it doesn't exist ## Configuration Edit `skill-config.json` to customize your SearXNG instance: ```json { "default_instance": "https://your-searxng-instance.com/", "cac

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| `--time-range` | year, month, week, day (aliases: 30d, 7d, 24h, hour) | None |
| `--language` | BCP-47 language code | en |
| `--pageno` | Results page number | 1 |
| `--no-safesearch` | Disable safe search | - |
| `--no-cache` | Bypass cache for this request | - |
| `--full-content` | Fetch full page text per result (slower, richer) | - |
| `--instance` | Override SearXNG instance URL | From skill-config.json |
Confidence
78% confidence
Finding
--no-safe

VirusTotal

65/65 vendors flagged this skill as clean.
