ClawHub

Live Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed live web-search helper that sends search terms through the host app’s local gateway and shows no hidden persistence, destructive behavior, or unrelated data access.

Install this if you are comfortable with the assistant using the host app’s search gateway for live web lookups. Keep queries concise, do not include secrets or confidential data, and verify important results at the linked sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

External Transmission

Medium
Category
Data Exfiltration
Content
PPID_VAL=$(python3 -c "import os; print(os.getppid())")
echo "[Assistant] Parent PID: $PPID_VAL"

curl -s -X POST http://localhost:$PORT/proxy/prosearch/search \
  -H 'Content-Type: application/json' \
  -d '{"keyword":"your search query"}'
```
Confidence
95% confidence
Finding
curl -s -X POST http://localhost:$PORT/proxy/prosearch/search \ -H 'Content-Type: application/json' \ -d '{"keyword":"your search query"}' ``` **Freshness (recommended for time-sensitive queries)

External Transmission

Medium
Category
Data Exfiltration
Content
echo "[Assistant] Parent PID: $PPID_VAL"

# Basic
curl -s -X POST http://localhost:$PORT/proxy/prosearch/search \
  -H 'Content-Type: application/json' \
  -d '{"keyword":"latest AI news"}'
Confidence
94% confidence
Finding
curl -s -X POST http://localhost:$PORT/proxy/prosearch/search \ -H 'Content-Type: application/json' \ -d '{"keyword":"latest AI news"}' # More results (no time/site) curl -s -X POST http://localh

VirusTotal

No VirusTotal findings

View on VirusTotal