by Web Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a web research API wrapper that is mostly clear about its purpose, but users should understand it stores an API key locally and sends research inputs to an external service.

Install only if you are comfortable using the XiaoBenYang service for your research queries and URLs. Treat the API key as a secret because it is stored in a local .env file, and avoid sending credentials, private code, internal URLs, or personal data through the query, URL, or reasoning fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The documented purpose is a web research assistant, but the project structure references a gaokao-related skill, which is an integrity and provenance mismatch. Such inconsistencies make it harder to trust the package contents and increase the risk that users install a skill whose code or data flows do not match the advertised function.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to request a user API key and save it via a configuration function, but it does not warn the user that the credential will be persisted. This can lead to uninformed disclosure of a secret and long-term credential exposure if the stored key is later read, logged, or exfiltrated.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill is designed to search, crawl, and extract data from arbitrary URLs, but the documentation does not warn users that their queries and target URLs will be sent to external or local services. This weakens informed consent and can expose sensitive research topics, internal URLs, or proprietary targets to other systems.

Missing User Warnings

Medium
Confidence: 88%
Finding
The code persists an API key to a plaintext .env file and updates the process environment without any visible user confirmation, warning, or security controls. This increases the chance that users unknowingly leave long-lived credentials on disk where they may be exposed through backups, repository mistakes, local compromise, or permissive file access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The wrappers forward user-supplied queries and especially free-form reasoning strings to external or local API services via call_api without any visible minimization, consent, or disclosure boundary in this file. That creates a privacy and data-handling risk: users may include sensitive internal context, credentials, proprietary code fragments, or personal data in reasoning fields that are then transmitted to search, crawl, or third-party-backed services.

Ssd 3

Medium
Confidence: 89%
Finding
The skill creates a workflow where the model asks for a secret, stores it, and later handles raw tool outputs, which increases the chance that user-supplied credentials or related sensitive values are surfaced in natural-language responses. In a tool-integrated agent, this is dangerous because secrets can leak through summarization, debugging messages, or unfiltered result rendering.

Ssd 3

Medium
Confidence: 95%
Finding
The instruction to directly display raw API response data authorizes unfiltered disclosure of whatever the upstream service returns. In this skill context, responses may contain sensitive metadata, tokens, account identifiers, or extracted content from arbitrary web targets, so blindly rendering raw data materially increases leakage risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal