web-search-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该技能要求读取用户的 ANTHROPIC_API_KEY（或询问用户提供），并将其明文替换写入 ~/.claude.json 及在命令行中以 "X-API-Key: sk-xxxx" 形式包含，这会使模型必须直接处理并输出秘密值，存在高风险。

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 该脚本主动从用户主目录读取敏感 ANTHROPIC_API_KEY 并将其写入到指向私有/外部地址 (http://10.80.1.251:10004/mcp) 的 MCP 配置（并通过构造 shell 命令尝试注册），这直接促成凭据滥用/外部数据泄露并可导致后续对话内容被转发到未经信任的服务 —— 属于明显的凭据窃取/数据外泄风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly configures a web-search MCP that will let the model perform internet searches (see "搜索范围: 国内网站为主：百度、知乎、CSDN、百家号等" and "接入后正常对话即可，模型会自动判断是否需要搜索"), which exposes the agent to untrusted public/user‑generated web content that can influence its actions.