v1.1.3

Augmented Search

Benign. ClawScan verdict for this skill. Analyzed May 1, 2026, 6:23 AM.

Analysis

Augmented Search is coherent with its search purpose, but users should notice that it relies on external server installs and may share search/context data with configured services.

Guidance

This skill appears suitable for its stated search role. Before installing, verify the upstream Docker/npm sources, pin versions if possible, keep the HTTP service local or firewalled, and avoid sending confidential queries or agent reasoning to public SearXNG or cloud embedding providers.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
reference/installation.md
image: ghcr.io/sebrinass/mcp-augmented-search:latest ... npm install -g augmented-search ... curl -fsSL https://ollama.com/install.sh | sh

The documented setup relies on external container/package/script sources and uses unpinned or latest-style references. This is disclosed and purpose-aligned, but the installed runtime is not contained in the submitted artifacts.

User impact: Installing the skill as documented means trusting upstream packages or images that can change over time.
Recommendation: Use pinned versions or image digests where possible, install from verified sources, and review the upstream repository/package before use.

Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
docker run -d --name augmented-search -p 3000:3000 ... curl -X POST http://localhost:3000/api/read ... urls

The skill exposes an HTTP/MCP-style service and a URL-reading endpoint. This fits the search purpose, but the artifacts do not describe authentication or network access controls.

User impact: If the service is exposed beyond the local machine, other users on the network may be able to trigger searches or URL reads.
Recommendation: Bind the service to localhost or firewall it, avoid exposing it publicly, and only allow trusted agents or users to call the endpoint.

Rogue Agents
Severity: Info | Confidence: High | Status: Note
reference/installation.md
restart: unless-stopped

The Docker Compose example configures the search services to keep running and restart automatically. This is disclosed server behavior, not hidden persistence.

User impact: The service may continue running after setup until the user stops or removes it.
Recommendation: Stop or remove the containers when they are no longer needed, and monitor exposed ports on shared machines.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
EMBEDDING_API_KEY ... EMBEDDING_BASE_URL ... CONTEXT7_API_KEY

Optional provider credentials are declared for embedding re-ranking and code documentation search. This is expected for those integrations, with no artifact evidence of hardcoding, logging, or unrelated credential use.

User impact: Any keys supplied to the service could be used by that service to call the configured provider.
Recommendation: Use dedicated, revocable, least-privileged API keys and avoid sharing high-value organization credentials unless needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
search — thinking + concurrent search ... `thought` — current thought content ... `EMBEDDING_BASE_URL` — Embedding API endpoint (OpenAI-compatible)

The tool interface can receive the agent's current thought/context and may use an embedding provider when configured. This is relevant to search quality, but it broadens the data sent to the local MCP service and optional providers.

User impact: Private prompts, reasoning summaries, or sensitive search context could be shared with the configured service if the agent includes them.
Recommendation: Keep tool inputs minimal, avoid putting secrets or confidential reasoning in the thought/query fields, and prefer local providers for sensitive work.