v1.0.0

Suspicious

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 3:35 PM.

Analysis

This skill is mostly consistent with Bright Data web search, but it under-declares its required CLI and credential use while relying on shell automation and cross-skill handoffs.

Guidance: Before installing, verify the Bright Data CLI source/version yourself, use a narrowly scoped Bright Data credential, and review any batch, scrape, or cross-skill handoff before allowing it to run.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Info | Confidence: High | Status: Note
SKILL.md
For structured data from a known platform ... stop and use `data-feeds` instead.

The skill can halt or redirect the agent to another skill based on task type. This is disclosed and purpose-aligned, but it changes the agent's path from direct search.

User impact: The agent may stop searching and route the task to another Bright Data skill when it thinks that is more appropriate.
Recommendation: Confirm that cross-skill routing is acceptable for your task, especially when the task involves third-party platforms or scraping.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
references/patterns.md
xargs -a urls.txt -n 1 -P 4 -I {} bash -c ' ... bdata scrape "$url" -f markdown -o "out/${hash}.md"'

The reference pattern chains search results into parallel scraping through shell commands. This is relevant to the search-to-scrape workflow, but it can amplify a broad or poor-quality URL list.

User impact: A broad query could lead to multiple automated web requests and local output files.
Recommendation: Review URL filters and concurrency before running batch or scrape pipelines.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
bdata CLI not installed — see bright-data-best-practices/references/cli-setup.md ... Halt and route to `skills/bright-data-best-practices/references/cli-setup.md` if either check fails.

The skill depends on an external CLI and setup guide, but the artifact set provides no install spec and the referenced setup file is not in the manifest.

User impact: Users may rely on an unverified or unexpected `bdata` binary or missing external setup instructions.
Recommendation: Add a declared required binary/install spec, pin or document the CLI source/version, and include or clearly declare referenced setup files.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
references/patterns.md
xargs -a urls.txt -n 1 -P 4 -I {} bash -c '

The skill includes shell execution patterns. They are tied to search/scrape workflows, but still execute local shell commands.

User impact: Running the examples can execute shell loops and create or remove local files.
Recommendation: Inspect commands before running them, keep variables quoted, and avoid running batch examples on untrusted input files.

Cascading Failures
Severity: Low | Confidence: High | Status: Note
references/patterns.md
while IFS= read -r q; do ... bdata search "$q" --engine google --country us --json ... done < queries.txt

The skill supports batch queries that can generate many result files and URL lists. The examples include deduplication and filtering, which helps contain the risk.

User impact: A large or poorly chosen query file can create many requests and outputs.
Recommendation: Limit batch size, deduplicate URLs, and inspect intermediate results before scraping or feeding outputs into other workflows.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
echo "bdata not authenticated — run: bdata login  (or: bdata login --device for SSH)"

The skill explicitly requires Bright Data account authentication, while the registry metadata declares no primary credential or required environment variables.

User impact: Using this skill can involve your Bright Data account credentials and potentially account-billed API usage even though the credential requirement is not fully declared in metadata.
Recommendation: Only use with a Bright Data account you control, review account permissions/zones, and prefer narrowly scoped API keys where available.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
references/examples.md
Find recent articles on a topic, with body content in one call, ready to feed into an LLM:

The skill can retrieve untrusted webpage bodies and suggests feeding them into an LLM, which can expose the agent to prompt-injection or misleading page content.

User impact: Webpage content returned by the skill could contain instructions or misleading text that influences later AI reasoning.
Recommendation: Treat retrieved page content as untrusted data, not instructions, and review or sanitize content before using it in downstream agent tasks.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Hands off to `scrape` once target URLs are chosen, and to `data-feeds` when the user wants structured data from a known platform.

The skill explicitly passes work to other skills. This is disclosed and aligned with the workflow, but data boundaries and permissions for those other skills are not defined here.

User impact: Search queries, URLs, or selected targets may be passed into other Bright Data skills.
Recommendation: Confirm which follow-on skill will be used and what data it will receive before approving handoffs.