BO-OpenSearch

Security checks across malware telemetry and agentic risk

Overview

This is a real web-search skill, but it is broad enough to auto-trigger on ordinary information requests and tells the agent to log search queries and URLs without clear limits.

Install only if you want this skill to handle broad web-search requests automatically. Avoid sensitive personal, business, legal, medical, or credential-related searches unless you are comfortable with those queries being sent to external search/fetch tools and potentially recorded by the agent’s logging or cache behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 93%
Finding
The skill is configured to auto-trigger on very common conversational terms such as “搜索”, “查一下”, and “search”, which are likely to appear in normal dialogue even when the user did not intend to invoke this specific skill. Because this skill performs external web retrieval, accidental activation can cause unintended browsing, data disclosure in outbound queries, and interference with the agent’s normal routing behavior.

Vague Triggers

High
Confidence: 95%
Finding
The skill is described as activating on very broad cues like “搜索”, “查一下”, “查查”, “search”, or any information-seeking message, which can easily overlap with ordinary conversation. That increases the chance of unintended web access and data handling, especially because the workflow also mandates logging queries and fetched URLs.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly states it will fetch webpages and log the original query, URL list, statuses, scores, dispositions, and timestamps, but it provides no user-facing notice, consent mechanism, retention policy, or data minimization guidance. This can expose sensitive user queries or browsing targets in logs and creates privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
