ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Content Research - MCB AI

v1.0.0

Research and discover trending content sources for any topic using web search. Use this skill whenever the user wants to find articles, news, blog posts, or...

0· 29·0 current·0 all-time
byMCB AI@mcbaivn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated goal (find trending content via Brave + Tavily) aligns with the instructions which use the built-in web_search and an external Tavily API. However, the skill metadata does not declare the Tavily API key or any primary credential even though SKILL.md and README instruct the agent to read and use TAVILY_API_KEY. That discrepancy suggests incomplete metadata rather than outright malicious intent.
!
Instruction Scope
SKILL.md explicitly instructs the agent to read ~/.openclaw/.env and extract TAVILY_API_KEY, then run PowerShell Invoke-RestMethod to call https://api.tavily.com/search. Reading a user's home .env file and executing platform-specific shell commands expands the skill's access surface beyond simple web search. While these actions are explainable for contacting Tavily, they access local files and use exec instructions that should be declared and constrained.
Install Mechanism
No install spec or bundled code is provided (instruction-only), so nothing will be downloaded or written to disk by the registry install process. This is the lower-risk install pattern.
!
Credentials
The skill requires an API key for Tavily (and references Brave config) in practice, but requires.env and primary credential are left empty in metadata. The instructions also show reading a plaintext ~/.openclaw/.env file to obtain the key. Requiring local access to a secrets file without declaring it is disproportionate and a transparency issue.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; autonomous invocation remains enabled (platform default). That combination is normal. Note: autonomous invocation plus access to external APIs/secret material increases blast radius, but this alone is not unusual and does not change the verdict.
What to consider before installing
This skill appears to do what it claims (search Brave + call Tavily) but it currently omits declaring the Tavily API key and instructs the agent to read ~/.openclaw/.env and run PowerShell. Before installing, ask the publisher to: (1) update metadata to list required env vars (TAVILY_API_KEY, and any Brave key) so you know what secrets are needed; (2) avoid reading plaintext ~/.openclaw/.env — prefer the platform secret store or an explicit opt-in; (3) provide cross-platform (non-PowerShell) instructions or detect OS before running shell commands; and (4) document how Tavily responses are used and whether any user data is sent to third parties. If you are uncomfortable with an agent reading files in your home directory or sending requests to an external API using a secret, do not install. If you proceed, only provide the minimum-scoped API key and consider restricting autonomous invocation until you’ve reviewed behavior in a controlled setting.

Like a lobster shell, security has layers — review code before you run it.

contentvk97b1zzah8n2f9ah0fwrd9gyed8497xflatestvk97b1zzah8n2f9ah0fwrd9gyed8497xfmcbaivk97b1zzah8n2f9ah0fwrd9gyed8497xf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments