Grok Api Search

Security checks across malware telemetry and agentic risk

Overview

This Grok search skill is functional but needs review because it can send search queries and API keys to a third-party relay by default while the documentation is inconsistent about that behavior.

Review before installing. Use it only if you are comfortable sending your search queries and an API bearer token to the configured endpoint. Set `GROK_API_URL` explicitly to the official xAI endpoint or another provider you trust, use a separate revocable key for any relay, and avoid sensitive or confidential searches until the documentation and defaults are clarified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill advertises executable shell usage (`./grok-search.sh`) but declares no permissions, creating a mismatch between documented capability and the trust signals available to users or the hosting platform. This can lead to under-informed execution of a networked shell-based skill, especially because it also handles API keys and outbound requests.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding: The script defaults to sending both user search queries and the Grok API key to a third-party relay domain rather than the official xAI endpoint. This creates a clear credential exposure and data disclosure risk because the relay can observe, store, or misuse the bearer token and all submitted content, and the behavior is only lightly described as a cost-saving 'relay' rather than an explicit trust boundary change.

Missing User Warnings

Medium
Confidence: 92%
Finding: The README explicitly promotes real-time web search through Grok/xAI and proxy-compatible endpoints, but it does not warn users that their prompts and possibly related metadata will be transmitted to third-party services. In a search skill, this omission is materially important because users may submit sensitive queries under the assumption the processing is local or privacy-preserving.

Vague Triggers

Medium
Confidence: 76%
Finding: The trigger conditions are very broad, such as ordinary phrases like '搜索xxx' ('search xxx') or requests for latest news, which increases the chance of accidental invocation during normal conversation. Because the skill performs external search actions and may transmit user queries to third-party services, unintended triggering can expose user data or cause unwanted network activity.

Missing User Warnings

Medium
Confidence: 94%
Finding: The documentation recommends a third-party proxy API by default to save cost, but does not clearly warn that user prompts, search content, and API credentials may be exposed to an intermediary outside the official provider. Making a proxy the default materially increases confidentiality and supply-chain risk, especially for a search skill likely to handle arbitrary user-entered content.

Missing User Warnings

Medium
Confidence: 94%
Finding: The script transmits user input and the API bearer token over the network without an explicit warning at execution time that data is being sent to a remote service, and by default to a third-party relay. In a search tool, network transmission is expected, but the lack of clear disclosure about third-party handling materially increases privacy and credential-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
