volcengine-web-search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Volcengine web search helper that uses disclosed Volcengine credentials to send search queries and return summaries.

Install only if you are comfortable sending search terms to Volcengine and allowing the skill to use Volcengine credentials or VeFaaS IAM. Prefer least-privilege, tool-scoped credentials, avoid putting secrets or private data into search queries, and verify the veadk dependency before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill explicitly accesses credentials from environment variables (`VOLCENGINE_ACCESS_KEY` and `VOLCENGINE_SECRET_KEY`) and can also fall back to temporary IAM credentials, but it does not declare any permissions for environment access. This creates a permission-transparency gap: an agent or reviewer may underestimate the skill's ability to read secrets, increasing the risk of unintended credential exposure or misuse if the script is modified, logged, or invoked in broader contexts.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill silently pulls credentials from multiple ambient sources, including generic environment variables and IAM, even though its declared behavior is just to run a web search and return summaries. This expands the skill's effective privileges beyond what a user would reasonably infer from the manifest and can cause unintended use of broader account credentials in agent contexts.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
When response parsing fails, the code logs the full response and returns the raw API response object instead of only the summary strings promised by the skill contract. That can leak unexpected fields from the upstream service, potentially including metadata, identifiers, or other content the calling agent was not supposed to receive or expose.

VirusTotal

66/66 vendors flagged this skill as clean.
