ClawHub

爱奇艺影视搜索

Security checks across malware telemetry and agentic risk

Overview

This iQIYI search skill mostly does what it says, but its documented search script can execute locally crafted Python if a search term or returned page content is maliciously shaped.

Review before installing. The intended iQIYI search behavior is understandable, but avoid sensitive or adversarial search terms and prefer replacing the documented search.sh flow with the file-based parser approach in search_v2.sh. Verify the agent-browser package before installing it globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a shell script and explicitly requires a browser automation binary, which implies filesystem access and outbound network access, yet those capabilities are not declared as permissions. This creates a transparency and policy-enforcement gap: an operator may approve the skill without realizing it can read local files and access external sites, increasing the risk of unintended data exposure or misuse.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrase includes a broad invocation such as asking generally what is available on iQIYI, which may cause the skill to activate in loosely related conversations. Over-broad routing can lead to unintended browser automation or network requests, especially when the skill reaches external content based on ambiguous user intent.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The script sends raw user-supplied search terms to iqiyi.com through a browser request and only prints a generic status message before doing so. In this skill context, that creates a real privacy issue because user queries may contain sensitive interests or personal information, and the skill does not warn users that their input will be transmitted to a third-party service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal