alphaear-search

Security checks across malware telemetry and agentic risk

Overview

The skill is finance-search related and not malicious, but it quietly adds external page extraction, sentiment analysis, LLM/provider use, model downloads, and persistent local caching beyond its short description.

Review before installing. Use it only if you are comfortable with finance queries, selected URLs, extracted page text, and sentiment inputs being cached locally and possibly sent to Jina or configured LLM providers. Avoid sensitive client, compliance, trading, or proprietary research unless enrichment/sentiment paths are disabled or isolated and the local SQLite cache is managed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises networked search and local retrieval behavior but does not declare permissions despite detected network and environment access capabilities. Missing permission declarations weaken review and sandboxing controls, making it easier for a skill to access external services or environment-derived secrets without explicit operator awareness.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The documented purpose is narrow search/RAG, but the analyzed behavior includes substantially broader capabilities such as full-page extraction, sentiment processing, persistent storage, and model/tool-routing infrastructure. This mismatch is dangerous because reviewers and users may grant trust or deployment approval for a simple search skill while it actually performs additional data collection, processing, and persistence that increase attack surface and privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 74%
Finding: The skill persists raw search queries and corresponding results to a local SQLite database, which can include sensitive finance-related interests, research topics, URLs, and content. In this skill context, users may search for confidential investment, compliance, or client-related information, so storing this data without consent controls, minimization, encryption, or retention limits increases privacy and data exposure risk if the host is shared or compromised.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The LLM path sends user- or database-derived text to an external model provider without any visible consent, classification, or redaction step. In a finance-oriented skill, this can expose proprietary or sensitive market information, internal notes, or regulated data to third-party services and create compliance and privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.
