Private Deep Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised local SearXNG research workflow, but its privacy claims understate two things: queries and fetched pages still leave the machine, and its Docker service persists and may be exposed beyond localhost.

Review before installing. Use it only for searches you are comfortable sending to external search engines and visited websites, consider binding Docker to 127.0.0.1, disable remote autocomplete for sensitive use, pin the Docker image instead of using latest, and stop or remove the container when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README overstates privacy by saying user data never leaves the machine, even though queries are sent to external search engines and article content is fetched from remote websites. This can mislead users into believing the tool provides stronger privacy guarantees than it actually does, causing them to submit sensitive research queries that are still exposed to third parties.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill repeatedly markets itself as private, local, and forgetful, but the description does not clearly warn that user queries are still transmitted to third-party search engines and that fetched pages will receive requests from the user's machine or VPN. This can mislead users into believing their activity never leaves the local environment, creating a privacy-risky mismatch between the advertised trust model and the actual network behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup instructions tell users to run a local shell script and launch Docker services, but do not warn that this will modify the system state, generate secrets, pull images, and expose a local network service on localhost:8888. Users may execute these commands without understanding the trust implications, network exposure, or persistence of the deployed containerized service.

Missing User Warnings

Low
Confidence: 89%
Finding
The skill clearly performs network searches and fetches arbitrary third-party web pages derived from the user's query, but the description and usage guidance do not prominently warn users that external content will be retrieved and scraped. This can lead to unintended access to sensitive, internal, or reputation-impacting URLs if users assume the skill is purely local analysis, especially in agentic environments where queries may contain confidential terms.

Missing User Warnings

Medium
Confidence: 96%
Finding
This skill sends the user's research query to a local SearXNG instance and then automatically fetches third-party webpages, creating clear network-driven data disclosure without any explicit notice, consent, or scope restriction. Even though the search backend is localhost, the query still leaves the agent boundary through SearXNG's upstream engines and the subsequent page fetches contact arbitrary external sites, which can expose sensitive prompts, topics, IP metadata, and browsing behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
