ClawHub

Smart Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search helper that sends user-directed searches and URL extraction requests to external search/backfill services, with privacy cautions but no evidence of hidden, destructive, persistent, or credential-stealing behavior.

Install only if you are comfortable with search queries and URLs being sent to external search engines or remote extraction services. Avoid using it for secrets, private/internal URLs, proprietary project names, or regulated data, and be cautious with --extract-url in environments that can reach internal services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill expands from search into arbitrary URL retrieval and content extraction via --extract-url and post-search extraction. In an agent context, this broadens the capability surface to fetching attacker-chosen URLs, which can expose sensitive network metadata, contact internal services if network access is broad, or retrieve unsafe/unexpected content beyond the user's apparent search intent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are very broad ('search', 'find info', 'look up', Chinese equivalents), making accidental invocation likely during ordinary conversation. In a skill that sends queries to external engines and can fetch arbitrary URLs, overbroad activation increases the chance of unintended disclosure of user prompts, sensitive terms, or context to third parties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill lacks a clear warning that user queries and extracted URLs are transmitted to third-party search engines and remote websites. Because the tool supports arbitrary URL extraction and external fallback engines, users may unknowingly disclose personal, proprietary, or regulated information to outside services, making this a real privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Search queries and extracted URLs are transmitted to external backends, but the script provides no explicit warning, consent gate, or privacy notice. In agent deployments, users may enter secrets, internal project names, or sensitive URLs, causing inadvertent disclosure to third-party search providers or extraction services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal