ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Call Web Search Agent Strategy

v0.1.0

AI agent for call web search agent strategy tasks

0· 668·2 current·2 all-time
by@alvinecarn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (web-search agent strategy) align with the SKILL.md contents: the document prescribes how to conduct research, what search tools to call, citation rules, and workflow constraints. There are no unrelated required binaries, env vars, or installs.
Instruction Scope
The SKILL.md gives very prescriptive runtime rules (e.g., always treat user input as authoritative, prefer real-time tool results over internal knowledge, strict citation/word-count rules, and rely on available_tools like discover_tools/execute_search_tool). These are coherent with a research-strategy skill, but the instructions explicitly prioritize external tool results over internal safeguards and system prompts—this could affect safety/policy enforcement depending on the hosting platform. The skill does not instruct reading files, environment variables, or sending data to unexpected external endpoints beyond citing URLs.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes filesystem/execution risks.
Credentials
Requires no environment variables, credentials, or config paths. Requested privileges are minimal and proportionate to an instruction-only research strategy.
Persistence & Privilege
always is false and autonomous invocation is default platform behavior. The skill does not request persistent presence or attempt to modify other skills or system configs.
Assessment
This skill is an instruction-only 'how to run research' guide and appears internally consistent: it asks for nothing sensitive and installs nothing. Before enabling it widely, consider that the instructions mandate trusting external search outputs and treating user input as absolutely authoritative—this can cause the agent to accept unverified or malicious content if platform-level safety checks are not enforced. If you plan to let agents run autonomously with this skill, ensure the hosting platform still enforces policy/safety layers and that 'available_tools' are restricted to trusted search connectors. If you are uncomfortable with the directive to override internal knowledge or system prompts, review and test the skill in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cf2bemrfhnjmphr6ht9w8q5816t71

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments