ClawHub

中文搜索增强工具,整合百度、必应、微信、知乎等 6 个中文搜索引擎,支持高级搜索语法和时间过滤,无需 API 密钥。

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese web-search helper; the main thing users should know is that search terms go to third-party search engines.

Install this only if you want a Chinese-focused search helper. Treat anything you search for as potentially disclosed to the selected search engine, and be aware that the broad "搜索" trigger may make the skill available for general search requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs users to send arbitrary search queries to multiple third-party search engines, but it does not warn that those queries may contain sensitive research topics, personal data, account-linked identifiers, or internal project information. Because the skill is designed to aggregate external web requests across several providers, it increases privacy and data-exposure risk in normal use, especially when users may assume it is a neutral local capability rather than a disclosure to external services.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "搜索" is extremely broad and likely to match many ordinary user messages, causing the skill to activate when the user did not explicitly intend to use this tool. Because the skill has web_search and web_fetch capabilities, unintended activation can lead to unnecessary external requests, privacy leakage of user prompts, or tool selection hijacking over more appropriate skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal