Openclaw Research Tool

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenRouter-powered web research skill with expected API-key, network, and long-running query behavior, but users should avoid sending private data and should monitor cost/runtime.

Before installing, confirm you trust the external `openclaw-search-tool` Cargo package, use an OpenRouter key with spending limits, do not include secrets or private customer/internal data in queries, and monitor long-running sub-agent or exec sessions for cost and runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description is extremely broad ('search the web' for current data, docs, research, news, fact-checking, or any question benefiting from internet access), which makes it likely to be selected for a wide range of user requests without clear scope boundaries. In an agent environment, this can cause over-invocation of an external-networked tool, increasing the chance that sensitive prompts, internal context, or unnecessary data are sent to a third-party service.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation encourages use of the tool for arbitrary natural-language queries and detailed context, but it does not clearly warn that prompts may be transmitted to OpenRouter and potentially to upstream model providers during web-enabled processing. This creates a meaningful data exfiltration risk because users or agents may include confidential, proprietary, or regulated information in prompts under the assumption they are staying local.

VirusTotal

66/66 vendors flagged this skill as clean.
