ClawHub

web-claude

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-search helper, but it can automatically use a logged-in Claude.ai browser session and persist every search to local memory without clear opt-out controls.

Install only if you are comfortable with queries going to Brave, DuckDuckGo, and potentially a logged-in Claude.ai account. Avoid sensitive searches unless you force a specific method, consider disabling or making the Claude.ai fallback opt-in, and periodically review or delete files under memory/research/.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that all search results are automatically saved to memory/research/, which can persist sensitive queries, links, and extracted insights without an explicit consent flow or warning at point of use. This creates privacy and data-retention risk, especially if users search for confidential business topics, regulated data, or personal information that later becomes accessible to other skills, sessions, or operators.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The browser fallback sends user queries through an authenticated claude.ai session, effectively disclosing user-supplied content to a third-party service, yet the documentation does not clearly warn users or require confirmation before doing so. This is risky because sensitive internal prompts, research topics, or proprietary data may be transmitted outside the local environment and subject to third-party logging, retention, and account-side exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal