Deep Research

Security checks across malware telemetry and agentic risk

Overview

This deep-research skill is not deceptive, but it gives automated child agents broad shell, file, web, and data-collection authority that users should review before use.

Install only if you are comfortable with a skill that can create scripts and run multiple non-interactive research agents. Use it in a dedicated workspace, review the proposed plan before approving execution, narrow child `--allowedTools` where possible, avoid confidential topics unless external providers are approved, and periodically delete `.research/` artifacts that should not be retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger conditions are overly broad, including generic natural-language phrases like "deep research" and related variants, which can cause the skill to activate in unintended contexts. Because this skill can launch subprocesses, perform network access, and write files, accidental invocation materially increases the chance of unnecessary high-privilege actions and user-surprising behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill requires saving raw fetched content and detailed logs locally but does not require clear user-facing notice about what data will be stored, for how long, or whether third-party content may contain sensitive material. In a research workflow that aggressively caches network results, this creates privacy and compliance risk through unbounded retention of potentially sensitive or copyrighted data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill authorizes child processes to run Bash, access the network, and write files non-interactively, yet lacks a centralized safety boundary that limits command classes, destination paths, and external access scope. In this context, broad autonomous subprocess permissions magnify the risk of prompt-induced command execution, uncontrolled data exfiltration, excessive crawling, or unintended file modification.

VirusTotal

66/66 vendors flagged this skill as clean.