Deep Content Search (深度内容搜索)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed multi-platform content search and scraping skill, with privacy cautions but no evidence of hidden, destructive, or credential-stealing behavior.

Install only if you are comfortable sending search terms or article URLs to the listed third-party services and storing retrieved content locally when using --output. Use non-sensitive queries, keep result limits modest, and consider a controlled Python environment for the unpinned dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 87% confidence
Finding
The trigger description is very broad: it activates for general requests about deep search, article retrieval, or WeChat link parsing. Overbroad activation can cause the agent to invoke this network-capable scraping skill for routine information requests, unnecessarily sending user queries to third-party sites and expanding exposure to untrusted content.

Missing User Warnings

Medium, 91% confidence
Finding
The documentation advertises fetching full text from multiple platforms and saving results to files, but it does not clearly warn users about outbound transmission of search terms/URLs to third parties or the risks of persisting scraped content locally. This can lead to privacy leakage, unintentional storage of sensitive material, and filesystem misuse if output paths are not constrained.

Missing User Warnings

Medium, 89% confidence
Finding
The skill sends user-supplied queries and URLs to multiple third-party services by default, including search engines and content platforms, without explicit notice or consent. In an agent context, this can leak sensitive prompts, internal project names, or private investigation terms to external providers, creating privacy and compliance risk even though no exploit is required.

VirusTotal

67/67 vendors flagged this skill as clean.
