Tavily + Zhipu Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a real web-search skill, but it can automatically reuse a locally stored OpenClaw provider API key in a way users may not expect.

Review before installing if you have OpenClaw provider keys configured locally. Prefer setting explicit TAVILY_API_KEY and ZHIPU_API_KEY values, avoid private or regulated search terms, and consider removing or editing the openclaw.json fallback if you do not want this skill to reuse local provider credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill reads an API key from a local user config file (~/.openclaw/openclaw.json) even though its main purpose is web search. Accessing unrelated local credential stores expands the data-access scope of the skill and can surprise users, especially because the retrieved secret is then used to authenticate outbound requests to a third-party service. In an agent context, this weakens least-privilege boundaries and increases the risk of unintended credential use.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger description is very broad and covers generic needs like news, real-time information, and web lookup, which can cause the skill to be invoked for many ordinary user requests. Overbroad invocation increases the chance that sensitive or unnecessary user content is sent to external search providers when a local or safer response path would have been sufficient.

Missing User Warnings

Medium
Confidence: 97%
Finding
The description does not warn that user queries will be transmitted to external providers such as Tavily or Zhipu. Without clear disclosure, users may unknowingly send personal, confidential, or regulated data to third parties, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script collects API credentials from environment/config and sends user search queries to external services, but the code provides no explicit disclosure or consent mechanism before transmitting data. In an agent skill, users may assume the tool is local unless told otherwise, so sensitive prompts or internal queries could be sent off-platform without clear notice.

VirusTotal

65/65 vendors flagged this skill as clean.
