ClawHub

Felo Search

Security checks across malware telemetry and agentic risk

Overview

This is a real Felo web-search skill, but its very broad triggers can send ordinary user questions to Felo more often than users may expect.

Install only if you are comfortable with broad search-like and general questions being sent to Felo using your API key. Avoid using it for confidential, personal, proprietary, credential-related, or local-project content unless you intentionally want that text shared with Felo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description and usage criteria are broad enough that many ordinary information-seeking prompts could trigger this skill automatically. Because the skill sends user queries to an external service, overbroad routing increases the chance of unintended third-party disclosure of user content and unnecessary external tool execution.

Vague Triggers

High
Confidence
98% confidence
Finding
The listed trigger words are extremely generic across multiple languages, including common terms like "what," "where," and "how," which appear in routine conversations. This makes accidental invocation likely and, in this skill's context, can cause user prompts to be transmitted to an external API without a sufficiently deliberate opt-in.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs sending the user's query directly to Felo's external API but does not require a clear user-facing notice that their prompt will leave the local environment. In a tool-using assistant context, this creates a privacy risk because users may not realize sensitive content is being transmitted to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal