Autoglm Websearch

Security checks across malware telemetry and agentic risk

Overview

This web-search skill is mostly coherent, but it automatically retrieves and uses a local bearer token for third-party searches without enough scoping or consent detail.

Install only if you trust the AutoGLM endpoint and the local token service on your machine. Treat search terms as data sent to a third party, and confirm that the local bearer token is intended for this API, scoped narrowly, and not shared with unrelated services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The activation criteria are extremely broad, covering generic web search, latest news, page retrieval, and real-time information requests. Broad matching increases the chance the skill will trigger for ordinary user queries and perform network/token actions unexpectedly, which is a security and privacy concern in an agent environment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs automatic credential retrieval from a local service and outbound API calls, but does not warn users that authentication material is being accessed and that queries will be transmitted to a third-party endpoint. This lack of transparency can lead to inadvertent disclosure of user prompts or sensitive local context through network operations.

Ssd 3

Medium
Confidence: 94%
Finding
The skill documents automatic retrieval and direct use of a bearer token from a local HTTP service, exposing sensitive credential-handling behavior in operational instructions and normalizing silent credential access. In context, this is more dangerous because the skill is designed for frequent, generic web-search use, so token retrieval and remote transmission may happen often and without sufficient user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
