Openclaw Grok Search

Security checks across malware telemetry and agentic risk

Overview

This is a real Grok-style web search skill, but it ships with a default third-party endpoint and a live-looking API key that users may unknowingly use.

Review config.json before installing or running. Remove the bundled key and third-party endpoint unless you intentionally want to use that service, prefer your own environment variables or config.local.json, and do not send private code, credentials, logs, or regulated data in search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill clearly instructs use of network, shell, file read/write, and environment-based configuration, yet declares no permissions or user-facing disclosure about those capabilities. This creates a transparency and consent gap: an agent may invoke a capability-rich skill without an explicit permission model, increasing the chance of unintended external requests, local file changes, or secret exposure through environment/config handling.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The skill can automatically execute a local configure.py script when configuration is missing, which expands behavior from simple web search into subprocess execution. If the skill directory or configure.py can be modified by another local actor or delivered from an untrusted source, running the skill can trigger unintended code execution under the current user account.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition 'You are uncertain and need external confirmation before final output' is overly broad and can cause the skill to be invoked in many ordinary conversations, not just clearly time-sensitive research tasks. In context, that broad routing is risky because invocation sends prompts to an external Grok-compatible endpoint, expanding unnecessary data exposure and making overuse of networked research more likely.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description says the skill performs real-time web research via an OpenAI-compatible Grok endpoint, but it does not warn that user queries and possibly surrounding context will be transmitted to a third-party service. That omission undermines informed consent and may lead users or agents to send sensitive, internal, or regulated information off-system without realizing it.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script interactively collects an API key and writes it in plaintext to a JSON config file on disk without any warning, masking, or permission hardening. This increases the chance of accidental credential exposure through local compromise, backups, screenshots, shared project directories, or source-control mistakes; in a search skill that depends on a live API endpoint, compromise of the key could enable unauthorized API use and billing or data-access abuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill sends the user query to a remote endpoint and also allows arbitrary extra headers and request-body fields from config, environment variables, or CLI arguments. In this context, that can lead to unintended disclosure of sensitive prompts, internal data pasted into queries, or custom headers/body values that alter downstream behavior without any safety guardrails or transparency.

Session Persistence

Medium
Category
Rogue Agent
Content
## Quick Start

1. Write config interactively (first run only).

```bash
python scripts/configure.py
```
Confidence
84% confidence
Finding
Write config interactively (first run only).

```bash
python scripts/configure.py
```

2. Run a query.

```bash
python scripts/grok_search.py --query "What changed in Python recently?"
```

## Config

VirusTotal

VirusTotal findings are pending for this skill version.
