Call Web Search Agent

Security checks across malware telemetry and agentic risk

Overview

This is a web-research skill with no executable code, but it needs Review because its prompt tells the agent to prioritize user or supervisor preferences over system prompts.

Install only if you are comfortable with a research skill that saves logs and reports to wiki documents, and review or amend the prompt so platform/system instructions always remain higher priority than user or supervisor preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (86% confidence)
Finding
The skill description is so broad and self-referential ('AI agent for call web search agent tasks') that it does not meaningfully constrain when this skill should be activated. Overbroad activation increases the chance the skill is invoked in unrelated contexts, exposing its powerful file-writing and submission workflow where it is not needed.

Missing User Warnings

Medium (94% confidence)
Finding
The instructions require creating and appending to persistent wiki documents throughout execution, but there is no user-facing disclosure or consent step for writing files. In a skill that performs web research and logging, silent persistence can store sensitive prompts, retrieved content, or derived notes without the user's awareness.

Ssd 1

High (99% confidence)
Finding
The skill explicitly says user preferences and supervisor instructions should be treated as 'supreme' and prioritized over conflicting system-prompt instructions, and also says these principles take priority over built-in knowledge and cognition. This is a direct instruction-hierarchy violation that can be used to bypass higher-level safeguards and coerce unsafe tool use or unsafe handling of sensitive data.

VirusTotal

64/64 vendors reported this skill as clean.
