GLM Search Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GLM/Zhipu web-search skill; its main risk is optional API-key persistence for MCP mode, not hidden or malicious behavior.

Install if you are comfortable sending search queries to Zhipu/GLM. Prefer cURL mode with ZHIPU_API_KEY in the runtime environment; use MCP setup only if you accept storing the API key locally in the mcporter config URL, and rotate the key if that file may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The setup script persists the API key by embedding it directly into the mcporter configuration URL, which creates long-lived local credential storage. Even with 0600 permissions, storing secrets in plaintext increases exposure through local file compromise, backups, debugging output, or accidental disclosure to other tools that read config files.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases are broad and match common requests such as 'search for', 'look up', and 'latest news', making accidental invocation likely. In an agent setting, overly broad triggers can cause unintentional transmission of user prompts or sensitive context to an external search provider when the user did not explicitly ask to use this specific skill.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to place the Zhipu API key in the MCP broker URL query string (`?Authorization=<ZHIPU_API_KEY>`), which increases the chance the secret is exposed via logs, browser history, proxy records, monitoring tools, referrers, or process output. Even if the upstream service supports this format, documenting it without an explicit warning or safer handling guidance creates a real credential-leak risk.

VirusTotal

66/66 vendors flagged this skill as clean.