ClawHub

Finder Local Search

Security checks across malware telemetry and agentic risk

Overview

This is a Finder influencer-search helper that is broadly coherent, but users should be careful because it asks for and stores a Finder API key locally.

Install only if you trust Finder/Optell and are comfortable with a Finder API key being stored in ~/.finder/config.json. Prefer entering the key locally rather than pasting it into chat, restrict file access if possible, and rotate or revoke the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documentation tells users to paste an API key directly to the agent so it can save the credential on their behalf. That expands the skill from creator search into credential handling, which increases secret-exposure risk and is not clearly necessary for the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill documents storing a long-lived API key in plaintext under ~/.finder/config.json without any warning about local secret exposure. Plaintext credential persistence can leak through backups, shared machines, shell access, or later tooling that reads files from the home directory.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The example explicitly tells users to send an API key in chat and has the assistant create a local configuration file with that credential. That goes beyond creator search and introduces sensitive secret collection and persistence, which materially expands the skill's power and risk surface.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The documentation shows the assistant handling a user's API key and writing it to disk for future use, which is not necessary for a simple search skill and creates credential-storage behavior. This increases the chance of credential leakage through chat logs, local file exposure, or unintended reuse by other processes or users on the machine.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly tells the agent to take an API key pasted into chat and write it to a local config file, but gives no warning about the security implications of persisting a secret on disk. This creates unnecessary secret-handling risk because chat-provided credentials may be stored in plaintext, reused outside the user's intent, or exposed through local file compromise, backups, or logs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow directs automatic creation of a config file containing the user's key without an explicit confirmation gate before modifying local files that contain sensitive data. That combination is unsafe because it normalizes silent persistence of credentials and increases the chance of storing secrets where they can later be read by other processes, users, or backup systems.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation explicitly encourages users to send their API key directly to the agent, with no privacy or safety warning. Sending secrets through chat creates unnecessary exposure to logging, retention, transcript sharing, and accidental reuse by downstream tooling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The commands write the API key to disk in a local config file but do not warn users that the credential will persist in plaintext. Users may unknowingly leave reusable secrets exposed on disk, especially on shared or poorly secured endpoints.

Missing User Warnings

High
Confidence
95% confidence
Finding
The guidance encourages users to share an API key directly in chat without warning that it is a sensitive credential. Chat-based collection of secrets is dangerous because transcripts may be retained, exposed to other tools, or reviewed later, turning a convenience prompt into a credential-exfiltration pattern.

Ssd 3

High
Confidence
98% confidence
Finding
The skill normalizes collecting API keys directly from chat and saving them for later reuse, which is an unsafe secret-handling pattern. Secrets shared in conversation may be retained in chat history, monitoring systems, or transcripts, and persisting them locally compounds the exposure by creating a second plaintext storage location that may be accessible to other users or malware.

Ssd 3

High
Confidence
98% confidence
Finding
The workflow repeatedly instructs the agent to take secrets from conversation content and save them into configuration files, establishing a reusable secret-exfiltration and persistence pattern. In context, this is more dangerous because the skill is designed for operational automation, so users may be conditioned to hand over credentials casually and let the agent store them automatically.

Ssd 3

Medium
Confidence
93% confidence
Finding
The example dialogue reinforces unsafe behavior by positively framing that the agent has written the user's access key into a local file and will remember it. Example text matters because it trains both implementers and users to treat chat-supplied secrets and automatic persistence as normal, increasing the likelihood of credential leakage through transcripts and insecure local storage.

Ssd 3

Medium
Confidence
97% confidence
Finding
Normalizing pasting an API key into the assistant encourages unsafe secret-handling behavior and trains users to disclose credentials in conversational contexts. Even if intended for convenience, it weakens security posture and can lead to credential compromise.

Ssd 3

Medium
Confidence
88% confidence
Finding
The recommended feedback text reinforces that the assistant has written and retained the user's API key for future use, normalizing persistent assistant-mediated credential workflows. This increases the chance of overcollection, unsafe retention expectations, and accidental secret exposure.

Ssd 3

High
Confidence
97% confidence
Finding
This pattern directly asks the user to disclose a secret in conversation and then use it for local configuration, creating a sensitive-data handling workflow in plain language. In a chat-integrated skill, that is particularly risky because secrets can be captured in logs, analytics, or later prompt context far beyond the user's expectation.

Ssd 3

High
Confidence
97% confidence
Finding
The documentation says users can directly send an access key in chat and the assistant will save and reuse it, normalizing long-term secret retention from conversational input. This is dangerous because it encourages insecure disclosure and persistence of credentials unrelated to the core search task.

Ssd 3

High
Confidence
98% confidence
Finding
The end-to-end example is centered on receiving a credential in chat, writing it to ~/.finder/config.json, and reusing it later, which establishes a full insecure secret-management workflow. Because the skill's declared purpose is influencer search, this credential collection and persistence is unnecessary and makes the context more dangerous, not less.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal