FlowSearch — Deep Web Research via Claude Native Search

Security checks across malware telemetry and agentic risk

Overview

This web research skill does what it advertises, but it disables Claude permission prompts while inheriting your shell environment, so it needs review before use.

Install only if you are comfortable letting this skill run Claude non-interactively with your Claude auth environment. Prefer removing the permission-bypass flag or running it in a restricted environment with minimal environment variables and no sensitive working-directory files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code conditionally adds `--dangerously-skip-permissions` when not running as root, which disables Claude CLI permission prompts and allows unattended tool use. In a skill presented as web research, this broadens effective capability beyond ordinary search and increases the chance that prompt injection or model misbehavior can trigger unintended actions without user approval.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The subprocess is launched with a dangerous permission-bypass flag, but the skill description and CLI output frame the tool as ordinary search/research without an explicit warning that approval safeguards are being disabled. That mismatch can mislead operators into granting the skill a higher trust level than warranted, making unsafe unattended execution more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal