SearXNG Docker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local SearXNG web-search helper with normal network and Docker-service caveats, not evidence of malicious behavior.

Install this only if you are comfortable running a persistent local Docker search service. Keep the default localhost binding unless you deliberately expose it, consider pinning the Docker image, avoid sensitive search terms, and use --base-url only with SearXNG instances you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly performs network operations against a local SearXNG service, but the metadata does not declare any corresponding permission or capability boundary. This creates a trust and governance gap: users or orchestrators may invoke a networked skill without explicit visibility that it sends queries over HTTP and can reach alternate hosts via --base-url.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description says to use the skill for very common phrases like "search," "look something up," and even when web_search returns poor results, which makes activation criteria broad and subjective. Over-broad triggering can cause unintended invocation of a network-capable skill, increasing the chance of unnecessary data disclosure in user queries.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The "When to Use" section repeats ambiguous activation rules such as broad search phrases and fallback behavior when another tool is unavailable or underperforming. In context, this matters because the skill is network-enabled and can route requests to a configurable base URL, so accidental activation has real privacy and policy implications.

VirusTotal

66/66 vendors flagged this skill as clean.
