ClawHub

Grok Research

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can send a user's full research message to an external Grok API and its activation wording is broad enough to deserve review before installation.

Install only if you are comfortable with queries being sent verbatim to the disclosed Grok API endpoint. Avoid including secrets, private wallet details, nonpublic project information, or trading strategy in prompts, and invoke it explicitly rather than relying on broad "research" wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill explicitly requires an environment variable API key and performs outbound network access, yet the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke the skill without realizing it can exfiltrate user-supplied content to an external service and consume secret-backed network capability.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include generic terms such as "research" and "帮我看看这个币," which are broad enough to match ordinary conversation and may cause unintended invocation. In this skill's context, accidental invocation is more concerning because the selected action forwards the user's raw message verbatim to an external API, increasing the chance of unintended data disclosure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill repeatedly emphasizes that the user's original message is forwarded "as-is" to Grok, but it does not provide a clear privacy warning that this means the raw query is transmitted to a third-party external API. This is dangerous because users may include sensitive portfolio, identity, or strategy information in a research request without informed consent, and the direct-forward design offers no sanitization or minimization.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill forwards arbitrary user research queries verbatim to a third-party API without any user-facing notice, consent check, or data-sensitivity guard. In a research assistant context, users may include wallet details, private project information, or other sensitive text under the assumption it stays local, leading to unintended external disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal