Call Web Search Agent Strategy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a web-research workflow skill with expected network/search behavior, but its instructions should be used cautiously because they overstate trust in user input and tool output.

Install this only if you want an agent to perform web searches and scraping on your behalf. Treat its results as research leads, not verified truth, and use extra review for high-stakes topics or pages that may contain adversarial instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Ssd 1

High
Confidence
96% confidence
Finding
The role framing says the skill’s commands have priority higher than built-in knowledge and cognition, and requires unconditional acceptance of tool output as fact. In a search-oriented skill, that increases risk of prompt injection, misinformation acceptance, and unsafe tool-mediated decision making because the agent is told to suppress skepticism and deference to trusted safety layers.

Ssd 1

High
Confidence
96% confidence
Finding
The role framing says the skill’s commands have priority higher than built-in knowledge and cognition, and requires unconditional acceptance of tool output as fact. In a search-oriented skill, that increases risk of prompt injection, misinformation acceptance, and unsafe tool-mediated decision making because the agent is told to suppress skepticism and deference to trusted safety layers.

VirusTotal

66/66 vendors flagged this skill as clean.
