Security audit

OpenClaw China Search Tips

Security checks across malware telemetry and agentic risk

Overview

This search skill does perform external search, but it gives unsafe third-party GitHub login advice and under-discloses where credentials and queries are sent.

Treat this as a Review install. Do not enter GitHub credentials on githubs.cn or any unofficial GitHub mirror; use official GitHub login only. Use revocable, low-privilege API keys, avoid sensitive searches, and review or disable the Volcengine/open.feedcoopapi.com path before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding:
The README encourages sending arbitrary search queries through multiple third-party search providers and using API keys, but it does not warn users that their queries, metadata, and credentials may be transmitted to external services with different privacy and logging practices. In this skill’s context, automatic fallback increases exposure because a single query may be retried across multiple providers, potentially multiplying data disclosure without the user’s awareness.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding:
The skill instructs users to configure third-party search API keys but does not warn that user prompts and search queries may be transmitted to external providers. This creates a privacy and data-governance risk, especially if users submit sensitive business, personal, or regulated information assuming the search is local or first-party.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding:
User search queries are sent to external third-party services without any explicit disclosure or consent mechanism in the code path. In a search skill, this is contextually expected, but it still creates a real privacy risk because users may unknowingly submit sensitive internal, personal, or regulated information to outside providers.

Natural-Language Policy Violations

Severity: Medium
Confidence: 76%

Finding:
The code hard-codes a China-specific user location into the Volcengine request without user choice or clear opt-in. This can affect privacy, produce region-biased results, and may misrepresent the user's location to a third party, which is especially sensitive in a skill explicitly designed around domestic network constraints.

VirusTotal

No VirusTotal findings