Local Researcher

Security checks across malware telemetry and agentic risk

Overview

The skill is a plausible local research assistant, but its privacy claims are too broad because its web-research workflow can send research queries and page requests to external services.

Review this skill before installing if you plan to research confidential subjects. Local LLM inference may stay on your machine, but web search can disclose generated queries, URLs, and page fetches to DuckDuckGo, Tavily, Perplexity, SearXNG instances, and target sites. Avoid sensitive internal names, secrets, customer data, or proprietary topics unless you configure a trusted offline or self-hosted search path. Prefer package-manager or verified installer steps over copying the curl-to-shell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documents shell-based installation and execution steps, including cloning a repository and running local commands, but does not declare corresponding permissions/capabilities. That mismatch can mislead users and any permission-gating system about what the skill will require, increasing the chance of unintended command execution in a supposedly constrained context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill is presented as a local research assistant, but the documented behavior extends into environment inspection, subprocess-based checks, repository presence checks, and bootstrap guidance for external code. This broadens the operational surface beyond the declared purpose and can cause users to trust it with sensitive inputs under an incomplete understanding of its actual behavior.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The privacy/safety section claims data stays local, yet the rest of the document supports external search APIs and web research. That contradiction can cause users to submit sensitive topics believing nothing leaves the machine, when in practice queries and fetched content may be sent to third-party services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill strongly emphasizes that data remains local and is not sent to cloud LLMs, but omits a comparably prominent warning that web research necessarily sends user-derived queries to search providers and target websites. In a privacy-focused skill, this omission is especially risky because users are more likely to input confidential research topics under a false sense of isolation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Stating that the skill is suitable for sensitive business/research data without qualification is unsafe when the documented workflow performs online search and optional full-page retrieval. This can directly lead users to expose proprietary or confidential topics to external search engines or websites.

External Script Fetching

High
Category
Supply Chain
Content
brew install ollama

# Linux
curl -fsSL https://ollama.com/install.sh | sh

# Pull the model
ollama pull deepseek-r1:8b
Confidence
97% confidence
Finding
curl -fsSL https://ollama.com/install.sh | sh
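The flagged line executes whatever the server returns, with no chance to inspect it and no way to pin what was run. The script below is an added example, not code from the Local Researcher skill or from Ollama: it replaces the pipe with download, inspect, verify, then run. The expected SHA-256 value is an assumption you must obtain out of band (a release note, a signed manifest, or a hash you recorded after reviewing the script yourself); the page does not provide one.

```shell
#!/bin/sh
# Added example: safer alternative to `curl -fsSL https://ollama.com/install.sh | sh`.
# The digest is an assumption: obtain it from a source other than the download itself.

# fetch_installer URL DEST: download to a file instead of piping into sh.
fetch_installer() {
    curl -fsSL -o "$2" "$1"
}

# sha256_of FILE: portable digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# inspect_installer FILE: print lines that fetch more code or escalate privilege.
# Returns 0 when nothing suspicious is found, 1 when at least one line matches,
# so the caller can stop and read the script before deciding to run it.
inspect_installer() {
    ! grep -nE 'curl|wget|sudo' "$1"
}

# run_verified FILE EXPECTED_SHA256: refuse to execute unless the digest matches.
# Returns 0 if the script ran, 1 on digest mismatch.
run_verified() {
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $actual does not match $2" >&2
        return 1
    fi
    sh "$1"
}

# Guarded usage for the real flow; only runs when invoked as `./script --install`.
# OLLAMA_INSTALL_SHA256 is a hypothetical variable name for the out-of-band digest.
if [ "${1:-}" = "--install" ]; then
    expected="${OLLAMA_INSTALL_SHA256:?set OLLAMA_INSTALL_SHA256 from an out-of-band source}"
    tmpfile=$(mktemp)
    fetch_installer "https://ollama.com/install.sh" "$tmpfile"
    inspect_installer "$tmpfile" || echo "review the lines above before continuing" >&2
    run_verified "$tmpfile" "$expected"
    rm -f "$tmpfile"
fi
```

The inspect step is deliberately noisy: an installer that itself runs `curl` or `sudo` is not necessarily malicious, but it is exactly the nested-fetch pattern the scanner's Supply Chain and Chaining Abuse findings are about, so it should be read, not trusted by transitivity.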

Chaining Abuse

High
Category
Tool Misuse
Content
brew install ollama

# Linux
curl -fsSL https://ollama.com/install.sh | sh

# Pull the model
ollama pull deepseek-r1:8b
Confidence
98% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal