Back to skill

Security audit

Content Research - MCB AI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-research skill that uses Brave and Tavily search, with privacy and credential-handling cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending research queries to Brave/Tavily and allowing use of a Tavily API key from your OpenClaw environment file. Avoid confidential topics or secrets in search prompts, use a revocable Tavily key, and keep shell/API execution limited to the documented Tavily search request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs reading `TAVILY_API_KEY` from the user's local `~/.openclaw/.env` file, which accesses local secrets unrelated to the user's direct research query. Even though the key is then used for a search API, pulling credentials from local storage without clear consent expands the skill's privileges and creates unnecessary secret-handling risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill directs the agent to use `exec` to run PowerShell for HTTP requests, which introduces shell execution capability where a normal web/API tool should suffice. Combining shell execution with interpolated query content creates an avoidable command-execution surface and exceeds the minimum privileges needed for content research.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README shows broad natural-language activation examples like researching topics or finding articles without defining tighter trigger boundaries, exclusions, or confirmation conditions. In an agent environment, this can cause over-broad auto-invocation on ordinary user requests, leading to unintended external searches, unnecessary data sharing with third-party providers, and workflow confusion.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README describes use of Brave Search and Tavily but does not clearly warn that user prompts or derived search queries will be transmitted to external search services. This creates a privacy and data-handling risk because users may include sensitive business, personal, or confidential information in research requests without realizing it leaves the local agent environment.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest description contains broad trigger phrases such as general requests to find articles or research topics, which can cause the skill to activate in many ordinary conversations. Overbroad activation increases the chance that the skill accesses external services or privileged tools when the user did not clearly request this specific workflow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation tells the agent to use a local API key and send outbound requests to Tavily, but gives no user-facing disclosure about credential usage, third-party data transfer, or what query content may leave the system. That omission can lead to silent transmission of user-supplied research topics and silent handling of secrets.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill includes subprocess-style PowerShell execution to reach an external API without any warning about shell use, external transmission, or the risks of constructing commands from dynamic input. In a skill context, hidden shelling-out is more dangerous than a normal documented API call because it broadens available behavior beyond the stated purpose.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.