Google AI Mode Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google AI Mode search helper, but users should treat all queries, follow-up summaries, and feedback text as data sent to LinkFox and Google.

Install only if you are comfortable sending search terms, follow-up context summaries, and possible feedback details to LinkFox and Google-related services. Do not use it with secrets, credentials, personal data, regulated data, confidential business plans, or sensitive prior conversation context unless the user has explicitly approved that disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger description is broad enough to capture many generic web-research and summarization requests, increasing the chance the agent routes user queries here when a narrower or safer tool would be more appropriate. Overbroad routing can expose user prompts and context to Google unexpectedly and produce mismatched behavior relative to user intent.

Vague Triggers

Medium
Confidence: 83%
Finding
The boundary guidance includes vague phrases like 'AI 帮我汇总网上的说法' ("have AI summarize what people are saying online") or '用谷歌搜一下' ("search it on Google"), which are common requests that do not necessarily imply consent to this specific external AI-overview workflow. This ambiguity raises the risk of accidental invocation, unnecessary data sharing, and confusion about what tool is being used.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to summarize prior answers and concatenate that context into a new `keyword`, but it does not clearly warn users that both their query and follow-up context are transmitted to Google. This can leak sensitive user-provided or model-generated context to a third party without informed consent.

Natural-Language Policy Violations

Medium
Confidence: 72%
Finding
The guidance recommends changing query language to match the target market by default, which can alter the user's original request and potentially broaden disclosure to external services in ways the user did not explicitly choose. While not a direct exploit primitive, it weakens user control and can lead to inaccurate or privacy-impacting query reformulation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation instructs the agent to send user search keywords and an API key to an external service but does not warn that user inputs will leave the local system and be processed by third parties. This creates a real privacy and secret-handling risk because users or integrators may unknowingly transmit sensitive queries, and implementers may expose or mishandle the credential in logs or downstream tooling.

Missing User Warnings

Medium
Confidence: 96%
Finding
The Feedback API asks callers to submit user statements and outcome details to a separate external endpoint without any privacy notice, minimization guidance, or consent requirement. That is dangerous because feedback content can easily include personal data, sensitive business context, or copied user prompts, causing unintended disclosure to a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.
