Web Learner

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web research skill; its main risks are expected web-search privacy and source-bias considerations, not hidden or harmful behavior.

Install this if you want the agent to research the web for current information. Avoid putting confidential details, private links, or sensitive identifiers into search requests unless you are comfortable sending them to search providers or visited websites. Ask for a specific language or region when you do not want Chinese-focused results, and explicitly approve any browser action involving logins, forms, downloads, purchases, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding: The trigger conditions are broad enough to match common conversational requests such as '了解' ("understand"), '学习' ("learn"), or '汇报' ("report"), which can cause the skill to activate when the user did not explicitly intend web access. In a web-enabled skill, overbroad activation increases the chance of unnecessary network access, retrieval of untrusted content, and unintended data disclosure through external queries.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill description states that the agent can autonomously search and browse the internet, but it does not require notifying the user that external services will be contacted or that third-party content will be fetched. This weakens user awareness and consent, especially when prompts may contain sensitive topics or when external queries could reveal user interests or data.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding: Forcing Chinese output and preferring Chinese search results without offering a language or locale choice can misalign results with the user's actual needs and silently bias source selection. While not directly a code-execution issue, it can degrade accuracy, omit relevant sources, and cause privacy or jurisdiction concerns if queries are routed toward region-specific providers by default.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding: The guidance hard-codes `country: "CN"` and `search_lang: "zh"` as default search parameters, which can steer all web lookups toward a single locale and language without user awareness or consent. In a web-learning skill, this can bias results, reduce relevance for non-Chinese users, and cause omission of important information from other regions or languages, especially for news, safety, or time-sensitive topics.

VirusTotal

64/64 vendors flagged this skill as clean.