Smart Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a web-search skill with no executable payload, but it can be invoked by very broad phrases and sends queries to multiple third-party search providers without clear user control or privacy notice.

Install only if you are comfortable with routine search requests potentially being routed to external search engines. Avoid secrets, confidential business terms, personal identifiers, and sensitive medical or financial queries, and treat the skill's safe-search and filtering claims as advisory rather than guaranteed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (20)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The README materially misrepresents the search providers: the metadata says Baidu and Google are primary engines, while the documented implementation lists 360, Sogou, Bing CN, DuckDuckGo, Qwant, and Startpage instead. This is a security-relevant integrity issue because users and operators may make trust, privacy, censorship, compliance, or network-routing decisions based on the advertised engines, but the skill would send queries to different third-party services.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill advertises capabilities such as real-time news, ad filtering, content detoxication, and verified/safe search, but the README only describes engine switching and simple result-page fetching. Overstated safety and filtering claims are dangerous because users may rely on protections that do not actually exist, increasing exposure to ads, unsafe content, misinformation, or unvetted results.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This section describes collecting user feedback across multiple channels, including direct messages and session ratings, but provides no notice about what data is stored, how long it is retained, or who can access it. In a search skill, feedback and associated metadata can reveal user interests, issues, and potentially sensitive topics, so silent collection increases privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This section explicitly tracks search counts, feature usage, engine preferences, and time-of-day usage, which are behavioral telemetry data points. Without disclosure, opt-out controls, or safeguards, this can expose sensitive patterns about user behavior and create avoidable privacy risk, especially for a web search tool handling potentially sensitive queries.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The logging and analytics sections mention search logs, error logs, performance logs, and user behavior analysis without any warning about sensitive data handling. Search logs are particularly sensitive because they may contain personal, medical, financial, or political queries, so undocumented logging materially raises the risk of privacy violations or unintended disclosure.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The feedback form explicitly asks users for potentially sensitive data such as exact query terms, timestamps, screenshots/recordings, and error details, but the document provides no privacy notice, minimization guidance, retention policy, or handling constraints. In a search skill, query text can reveal health, political, financial, or other sensitive interests, so collecting it without safeguards creates unnecessary privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The release report explicitly recommends the skill for medical information, investment analysis, business decisions, and policy/regulatory topics while describing the system as highly accurate, verified, and production-ready. That framing can cause users to over-trust search output in high-stakes domains without any disclaimer that results may be incomplete, manipulated, outdated, or require independent professional verification.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The document describes sending user queries to multiple search engines and generating AI summaries from returned snippets, but provides no privacy notice, retention guidance, or data-handling boundaries. In a search skill, queries may contain sensitive personal, business, or regulated information; silently forwarding them to multiple third parties increases disclosure risk and can violate user expectations or compliance requirements.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The document describes sending user queries to external search engines and fetching result pages, but it does not warn users that their prompts, search terms, IP address, and related metadata will be transmitted to third-party web services. In a search skill, this omission matters because users may submit sensitive corporate, personal, or investigative queries assuming the action is local or privacy-preserving.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding
The skill hard-codes language-based routing so Chinese queries are directed to domestic engines and English queries to international ones without informing the user or offering a choice. This can change the legal/privacy environment of the query, create unexpected data transfer to region-specific providers, and expose sensitive searches to services the user did not intend to use.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
These example phrases are generic natural-language requests like search queries, so they could cause the skill to activate during ordinary conversation rather than only when explicitly intended. In an agent system, broad activation patterns can silently route benign user input into web-search behavior, expanding data exposure and making downstream tool use harder for users to predict or control.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
Phrases like '安全搜索' (safe search), 'verified', or '去毒' (detox) are ambiguous and could match ordinary user wording rather than a deliberate tool invocation. Because the skill positions itself as a safety-enhanced search tool, accidental activation is especially risky: users may assume they are receiving normal assistant reasoning while the agent is actually invoking external search and applying opaque filtering logic.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The recommended-use examples are ordinary requests such as asking for latest news or using Baidu/Google, which strongly overlap with common user intents. This increases the chance of overbroad skill invocation across many routine prompts, potentially causing unsolicited browsing, result filtering, or external data handling when the user did not explicitly consent to use this skill.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The invocation phrases are extremely broad, including common language like 'search', 'find', and '帮我找一下' (help me find), which can unintentionally hijack ordinary user requests. In an agent environment, overbroad triggers can cause the skill to activate in contexts the user did not intend, leading to unintended external web queries and data disclosure to third-party search engines.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README does not clearly warn users that their queries are transmitted to third-party search engines and websites, despite the skill routing searches to multiple external providers. This is dangerous because users may enter sensitive personal, corporate, or regulated information assuming a local or privacy-preserving search flow, when in fact it is disclosed externally.

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger list includes very broad everyday phrases such as 'search', 'find', 'latest', and 'safe search', which are likely to match normal conversation and unintentionally invoke the skill. Because this skill sends queries to external search engines and may fetch third-party URLs, accidental activation can leak user intent or content to outside services and override expected built-in behavior.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The examples encourage vague invocations like 'Search XXX' and 'find XXX', reinforcing the same overly broad activation pattern in practice. This increases the chance that users will invoke the skill unintentionally and disclose queries to third-party engines without realizing a specific external-search skill was selected.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill describes sending queries to multiple external search engines and fetching result URLs, but it does not provide a clear privacy warning or consent boundary. Users may unknowingly expose sensitive interests, internal project names, health or financial topics, or other private data to Baidu, Google/Startpage, Bing, and additional third parties.

Vague Triggers

Severity: High
Confidence: 96%
Finding
The trigger list is excessively broad and includes common phrases such as "search," "find," and "latest," which can cause the skill to activate on many unrelated user requests. In an agent environment, overbroad activation can silently route normal queries through this skill, expanding its opportunity to fetch external content, influence responses, or override more appropriate tools.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
News-oriented triggers like "latest news," "today news," and "latest" are ambiguous and do not clearly indicate when this specific skill should run. That ambiguity increases accidental invocation during ordinary conversation, especially for time-sensitive topics, which can expose the agent to unnecessary external content and reduce user control over tool use.
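The Vague Triggers findings above all turn on one measurable question: how often do the quoted trigger phrases fire on turns where the user never asked for a web search? The script below is an added example, not code from the Smart Web Search skill or from SkillSpector. It applies the triggers quoted in the findings to a small constructed chat corpus (not real user data), reports each trigger's hit rate on non-search turns, and compares that keyword matcher with a stricter invocation grammar. The strict grammar, including the /websearch slash command and the engine list, is an assumed remediation, not anything the skill documents.

```python
"""Audit a skill's trigger phrases for overbroad activation.

Added example; not code from the Smart Web Search skill or SkillSpector.
The trigger phrases are the ones quoted in the findings above. The chat
corpus is constructed here and is not real user data. The stricter
invocation grammar is one possible remediation, not the skill's own.
"""
import re

# Trigger phrases quoted in the Vague Triggers findings.
BROAD_TRIGGERS = [
    "search", "find", "latest", "safe search", "latest news", "today news",
    "verified", "帮我找一下", "安全搜索", "去毒",
]

# Constructed corpus: (utterance, did the user actually want a web search?).
CORPUS = [
    ("Find the off-by-one in this loop", False),
    ("Can you search this log file for failed logins?", False),
    ("What is the latest version of our internal API spec?", False),
    ("I verified the checksum, now unpack the archive", False),
    ("帮我找一下昨天的会议纪要", False),  # "help me find yesterday's meeting notes" (a local file)
    ("Rename this variable to something clearer", False),
    ("Explain what this regex does", False),
    ("Summarise the notes from today", False),
    ("Search the web for the latest OpenSSL security advisories", True),
    ("Use Bing safe search to find today's news on the election", True),
    ("Look it up on Google: who won the match today?", True),
    ("帮我上网搜一下 OpenSSL 的最新公告", True),  # "search online for the latest OpenSSL notices"
]


def _broad_pattern(trigger: str) -> re.Pattern:
    """Keyword trigger as a router would apply it: whole-word, case-insensitive
    match for ASCII phrases, plain substring match for CJK phrases."""
    body = re.escape(trigger)
    if trigger.isascii():
        body = rf"\b{body}\b"
    return re.compile(body, re.IGNORECASE)


def audit_triggers(triggers, corpus):
    """Per trigger: (hits on non-search turns, hits on genuine search turns)."""
    stats = {}
    for trigger in triggers:
        pat = _broad_pattern(trigger)
        fp = sum(1 for text, is_search in corpus if not is_search and pat.search(text))
        tp = sum(1 for text, is_search in corpus if is_search and pat.search(text))
        stats[trigger] = (fp, tp)
    return stats


def overbroad(stats, corpus, max_fp_rate=0.10):
    """Triggers whose hit rate on non-search turns exceeds the budget."""
    non_search = sum(1 for _, is_search in corpus if not is_search)
    return sorted(t for t, (fp, _) in stats.items() if fp / non_search > max_fp_rate)


def any_broad_trigger(text: str) -> bool:
    """The skill's effective activation rule: any quoted trigger matches."""
    return any(_broad_pattern(t).search(text) for t in BROAD_TRIGGERS)


# Assumed remediation: activate only on an explicit web-search request, i.e.
# "search the web/internet", a named engine, the Chinese "search online"
# phrasing, or a hypothetical explicit slash command.
STRICT_PATTERNS = [
    re.compile(r"\bsearch (?:the )?(?:web|internet)\b", re.IGNORECASE),
    re.compile(r"\b(?:on|via|using|use|with) "
               r"(?:google|baidu|bing|duckduckgo|startpage|sogou|qwant|360)\b",
               re.IGNORECASE),
    re.compile(r"(?:上网|网上)搜"),   # "search online"
    re.compile(r"^/websearch\b"),      # hypothetical explicit command
]


def strict_invocation(text: str) -> bool:
    return any(p.search(text) for p in STRICT_PATTERNS)


def evaluate(matcher, corpus):
    """(false positives, true positives, false negatives) for a matcher."""
    fp = tp = fn = 0
    for text, is_search in corpus:
        hit = matcher(text)
        if hit and not is_search:
            fp += 1
        elif hit and is_search:
            tp += 1
        elif not hit and is_search:
            fn += 1
    return fp, tp, fn


if __name__ == "__main__":
    stats = audit_triggers(BROAD_TRIGGERS, CORPUS)
    print("overbroad triggers:", overbroad(stats, CORPUS))
    print("broad  (fp, tp, fn):", evaluate(any_broad_trigger, CORPUS))
    print("strict (fp, tp, fn):", evaluate(strict_invocation, CORPUS))
```

On this corpus the bare keywords 'search', 'find', 'latest', 'verified' and '帮我找一下' each fire on an ordinary coding or note-taking request, and the keyword rule as a whole misfires on five of eight non-search turns while still missing two genuine search requests that use an engine name or the Chinese "search online" phrasing. Requiring an explicit web-search request removes the misfires and catches all four genuine requests, which is the kind of trigger narrowing these findings are asking for.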

VirusTotal

60/60 vendors flagged this skill as clean. Because the skill ships no executable payload, this result covers only the packaged files; it says nothing about the trigger, routing, and privacy findings above, which antivirus scanning does not detect.