ClawHub

Multi Search Engine 2.0.1

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent search-helper that documents public search engine URL templates, with expected privacy considerations but no hidden code or persistence.

Reasonable to install if you want reusable search-engine templates. Avoid searching for secrets, credentials, private business terms, or regulated personal data, and be aware that disabling safe-search filters may surface explicit or inappropriate results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is explicitly designed to send search terms to external search providers, and the examples encourage direct transmission of user-supplied queries without any warning that those queries will be disclosed to third parties. This creates a real privacy risk because users may enter sensitive terms, and different engines may log, profile, or otherwise retain those queries; the presence of some 'privacy engines' does not mitigate the lack of disclosure for all providers.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples encourage direct requests to third-party search engines and knowledge services using user-provided queries, but the document does not clearly warn that those queries will be transmitted off-platform and may be logged, profiled, or regionally exposed. In a search-integration skill, this is contextually expected behavior, but the missing disclosure still creates a real privacy risk, especially for sensitive research terms or regulated environments.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide explicitly documents parameters that disable safe search or family filters without warning that results may include explicit, unsafe, or inappropriate content. Because this is an instructional skill that could be reused broadly, omission of a caution increases the chance of accidental exposure, including in workplace, classroom, or minor-accessible contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal