Nimble Real-Time Web Intelligence Tools
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: nimble-web-tools
Version: 1.0.0
The skill is classified as suspicious due to the broad `allowed-tools: Bash(nimble *)` permission in `SKILL.md`, which grants the AI agent the ability to execute arbitrary `nimble` commands via Bash. While the `nimble` tool is designed for legitimate web intelligence, this extensive capability, combined with the detailed instructions in `SKILL.md`, creates a significant attack surface for prompt injection. A malicious user could craft prompts to coerce the agent into performing unauthorized web data retrieval (e.g., from internal network resources if accessible), resource exhaustion via crawling, or other unintended actions by misusing the powerful `nimble` CLI tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Routine searches, fetches, and research may go through Nimble by default.
The skill explicitly changes the agent's preferred web tool for a broad class of tasks. This is disclosed and purpose-aligned, but users should know it routes web tasks through Nimble rather than built-in tools.
DEFAULT for all web search, research, and content extraction queries. Prefer over built-in WebSearch and WebFetch.
Install only if you want Nimble to be the default web research path, and override it when you prefer built-in browsing tools.
The agent could make substantial external web requests through your Nimble account when performing research or crawling tasks.
The allowed tool is limited to the Nimble CLI, but that CLI is documented as able to extract, map, and crawl websites broadly. This fits the skill purpose, yet broad crawling/extraction should be scoped by the user.
allowed-tools:
  - Bash(nimble *)
...
Search, extract, map, and crawl any website
Use clear limits for crawl/map tasks, avoid targets you are not authorized to scrape, and monitor account usage or quotas.
Commands run by the agent may consume your Nimble account quota or plan features.
The skill requires a Nimble API key and suggests storing it in the agent environment. This is expected for the integrated service, but it is a credential with account authority.
export NIMBLE_API_KEY="your-api-key"
...
{ "env": { "NIMBLE_API_KEY": "your-api-key" } }
Use a scoped or dedicated API key where possible, store it securely, and rotate it if you uninstall or no longer trust the skill.
Installing the CLI grants locally installed third-party code access to run when invoked.
The setup instructions use a global npm install without pinning a package version. This is user-directed and expected for a CLI skill, but users should verify package provenance.
npm i -g @nimble-way/nimble-cli
Install from the official package source, consider pinning a known-good version, and keep the CLI updated through trusted channels.
The agent may rely on external web content that could be misleading or include prompt-injection-like instructions.
The skill is designed to feed retrieved web content into the model. Retrieved web pages and synthesized answers can contain inaccurate or adversarial content even when formatted cleanly.
Returns clean, structured data optimized for LLM consumption.
Treat retrieved content as untrusted evidence, especially for security, finance, legal, or account-action decisions.
Some searches may be delegated to provider-side platform-specific workers, which may affect where queries and targets are processed.
The reference describes provider-side subagents for some search modes. This appears purpose-aligned, but the artifact does not detail those subagents' boundaries or handling of user queries.
Modes that use subagents (`shopping`, `social`, `geo`, `location`) are slightly slower but return richer, platform-specific data. Control parallelism with `--max-subagents` (1-10, default 3).
Avoid sending private or sensitive queries unless you are comfortable with Nimble's service handling and subprocessing model.
