ClawHub

Google Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Search gateway skill, but users should use their own OneKey API key and avoid sensitive search payloads.

Install only if you are comfortable sending search queries and payload fields to OneKey Gateway and Google. Set DEEPNLP_ONEKEY_ROUTER_ACCESS to your own key before use, do not rely on the shared demo key for sensitive or production searches, and review the third-party npm and Python dependencies in higher-trust environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Low
Confidence
95% confidence
Finding
The script retrieves a router access credential from an environment variable and even supplies a hardcoded fallback token if the variable is absent. Embedding a default credential in code is dangerous because it can enable unauthorized access to the backend router, credential reuse across deployments, and accidental exposure if the code is shared or published.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation explicitly states that if no key is provided, the skill falls back to a shared demo key `BETA_TEST_KEY_MARCH_2026`. This is dangerous because user queries and associated metadata may be transmitted through a shared credential, causing privacy leakage, loss of accountability, rate-limit abuse, and possible cross-tenant data exposure; in a search skill, users may submit sensitive research terms or personal data without realizing it is sent under a public/shared key.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill forwards the entire user-supplied payload directly to a remote router service without validation, minimization, or any disclosure to the user about outbound transmission. This is risky because sensitive data placed in the payload may be unintentionally exfiltrated to an external service, and the broad pass-through design increases the chance of misuse beyond the advertised Google search capability.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal