Search Strategy Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed search-routing skill that sends queries or URLs to search and crawling providers, with privacy caveats but no evidence of deception or destructive behavior.

Reasonable to install for general web research. Avoid confidential queries, private/internal URLs, or account-backed searches unless you trust the selected provider; use `--engine` when you want predictable routing, and review separately installed tools such as `firecrawl`, `tavily-search`, and `agent-reach`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents extensive shell-based execution behavior (curl, grep, sed, firecrawl, node, caching, logging) but the manifest does not declare corresponding permissions or capabilities. This creates a transparency and governance gap: callers may invoke a skill believing it is metadata-only or low-privilege while it actually performs networked command execution and local file writes.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The documented browser automation can navigate arbitrary URLs, render dynamic content, and optionally create screenshots on disk, which materially expands the attack surface beyond simple search selection. In practice this enables collection of page content and local artifacts from sensitive or authenticated sessions if triggered without strong boundaries or explicit user consent.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Full-site crawling via Firecrawl goes well beyond choosing a search engine and can recursively collect large amounts of content from a target site. That broader capability increases the risk of over-collection, terms-of-service violations, and unintended access to sensitive or internal data if a user supplies high-risk targets.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill is described as a generic search-strategy selector, but it can route queries to `agent-reach`, a separate social-platform capability with different behavior and data access patterns. This expands the skill's effective scope beyond simple search selection, which can surprise callers, increase attack surface, and cause unintended access to platform-specific tooling or data flows.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The documentation includes screenshot capture to a local file without a clear warning that content from visited pages will be stored on disk. This can create privacy and data-handling issues, especially if screenshots contain authenticated, personal, or confidential information.

Missing User Warnings

Low
Confidence
80% confidence
Finding
Caching queries and results to predictable temporary files stores potentially sensitive search terms and returned content on disk without disclosure. On shared or poorly secured systems, this can expose user activity or collected data to other local users or later processes.

Missing User Warnings

Low
Confidence
81% confidence
Finding
Persisting execution history and error logs locally without warning can leak user queries, visited targets, operational details, or failure traces containing sensitive information. Even if intended for debugging, silent logging increases privacy risk and can aid local attackers or later unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.
