Deep Researcher Skill

Security checks across malware telemetry and agentic risk

Overview

This research skill is mostly documentation, but it tells the agent to bypass paywalls by default, so it should be reviewed before installation.

Install only if you are comfortable reviewing and constraining its paywall behavior. Use it with open, licensed, or otherwise authorized sources; avoid entering sensitive API keys in plain chat; verify the external GitHub repository before cloning; and clarify how research history is stored or cleared if your host platform enables that feature.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to circumvent paywalls using archive mirrors, 12ft.io, r.jina.ai, and direct browser extraction. That goes beyond normal research assistance into access-circumvention behavior, creating legal, terms-of-service, and policy risk while normalizing unauthorized retrieval of restricted content.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
Describing the browser tool as being used 'for paywall bypass' assigns an access-circumvention purpose to a powerful tool. This increases the chance the agent will misuse browsing capabilities to obtain content the publisher intended to restrict.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The guardrails say to 'Bypass paywalls before skipping,' which conflicts with the skill's otherwise quality- and ethics-oriented framing. Because guardrails are normative instructions, this makes circumvention a required behavior rather than an edge case, materially increasing misuse risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The paywall-bypass instructions are presented without any warning about legal, ethical, or contractual implications. That omission makes unsafe behavior appear standard and endorsed, which is especially risky in an agent skill intended for repeated use.

Missing User Warnings

Medium
Confidence: 95%
Finding
Labeling the browser tool as intended 'for paywall bypass' gives users and the agent no warning that the behavior may be inappropriate or prohibited. This embeds risky use directly into prerequisite guidance, making misuse more likely from the start.

Ssd 3

Medium
Confidence: 88%
Finding
The command 'Show my research history' implies retention and later exposure of prior user queries and findings, but the skill provides no data-handling, consent, retention, or access-control details. Research history can reveal sensitive interests, business plans, health, legal, or political topics and should not be stored or surfaced without explicit safeguards.

Ssd 3

Medium
Confidence: 87%
Finding
Advertising 'research history' in version notes reinforces that the skill may persist prior queries and findings across sessions. Persistent tracking without a privacy notice, retention limits, or user controls creates unnecessary data exposure risk and could leak sensitive research activity.

VirusTotal

59/59 vendors flagged this skill as clean.
