Free Search Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-search helper, but users should understand that searches are sent to providers and saved locally.

Install only if it is acceptable for search terms to be sent to configured third-party providers and stored under memory/. Avoid entering secrets or regulated data as queries, review local retention and logs, use trusted self-hosted endpoints only, and pin dependencies for production or sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation advertises and instructs use of environment variables, network access, shell commands, and reads/writes under the workspace memory directory, yet it declares no permissions. This creates a misleading trust boundary: an operator or platform may treat the skill as lower-risk than it really is, increasing the chance that sensitive environment data, local files, or network actions are exposed without explicit review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly advertises managed storage under memory/ and later documents raw cache, append-only indexes, and human-readable reports, but it does not clearly warn users that search queries and derived reports are persisted on disk. In an agent environment, queries may contain sensitive prompts, research topics, customer data, or operational context, so silent persistence can create privacy, compliance, and data-retention risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states that search results are automatically persisted under memory/, but it does not prominently warn that user queries and retrieved content may contain sensitive information and will be stored on disk. In an agent/search skill context, this creates a real privacy and data-handling risk because operators may unknowingly retain confidential prompts, research topics, or fetched sensitive content in long-lived local storage.

Missing User Warnings

Low
Confidence
68% confidence
Finding
The README mentions real quota checks and later notes that Brave quota probing consumes a request, but this warning is not surfaced prominently where users are told to run scripts/remaining --real. This can lead to unintended quota depletion or minor billing/availability impact, especially in automated agent workflows that may probe frequently.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Tavily quota fallback sends the API key as a query parameter (`params = {"api_key": api_key}`), which is more likely to be exposed through intermediary logs, proxies, browser/debug tooling, or server access logs than an Authorization header. Even though the destination is the provider API over HTTPS, placing credentials in URLs is an avoidable secret-handling weakness and the code provides no warning or opt-in before using the less safe method.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The router logs raw search queries at info level, which can expose sensitive user input such as credentials, personal data, internal project names, or investigative topics to application logs. In a search-aggregation skill, users are especially likely to submit arbitrary natural-language queries, so storing them without disclosure or minimization creates a real privacy and data-handling risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
beautifulsoup4>=4.12.3
PyYAML>=6.0.2
requests>=2.32.3
Confidence
97% confidence
Finding
PyYAML>=6.0.2

Unpinned Dependencies

Low
Category
Supply Chain
Content
beautifulsoup4>=4.12.3
PyYAML>=6.0.2
requests>=2.32.3
Confidence
95% confidence
Finding
requests>=2.32.3

VirusTotal

64/64 vendors flagged this skill as clean.
