ClawHub

Multi-Engine Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only web search helper, but users should know it can save search preferences and send queries to several search engines.

Before installing, choose explicit-only activation if you do not want the skill to run automatically for web lookups. Avoid putting secrets, internal URLs, private identifiers, or sensitive personal information in searches, because queries may be sent to multiple search providers. Review or delete ~/multi-engine-web-search/memory.md and any saved agent-memory activation preference if you later change your mind.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The setup instructs the skill to persist user preferences both to a local file and to the agent's main memory, which expands the skill from transient search behavior into cross-session state collection. For a web-search skill, this creates unnecessary retention of user behavior/preferences and can expose private profiling data or cause unexpected downstream behavior if other components read that memory.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Automatically updating stored memory whenever preferences change introduces ongoing persistent state management unrelated to core search execution. This can silently accumulate user profile data over time and makes the skill capable of modifying durable state in ways the user may not expect from a search utility.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill instructs the agent to read setup on first use to define activation behavior, but it does not clearly constrain whether searches may run automatically or only after explicit user request. In a skill that sends user queries to multiple third-party engines, ambiguous activation can cause unintended external disclosure of user prompts or context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill notes in an endpoint table that query text is sent externally, but the user-facing description and usage flow do not prominently warn that searches may be sent to multiple third-party providers. Because the skill is designed to batch at least three engines per request, users may unknowingly disclose sensitive prompts, identifiers, or research topics to several external services at once.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The activation guidance includes broad modes such as triggering 'always when internet lookup is needed,' which can cause the skill to activate in many contexts without a specific user request. Over-broad invocation increases the chance of unnecessary external queries, privacy leakage through unintended searches, and user confusion about when the skill is operating.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions tell the skill to write preferences to memory files and agent memory but do not require a clear disclosure or consent flow for persistent storage. In context, this is more concerning because a search skill can reveal sensitive interests, habits, and avoided services, so storing that data silently creates a meaningful privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal