Back to skill

Security audit

openclaw-serper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search skill that uses Serper and fetches search-result pages, with no evidence of hidden access, persistence, or destructive behavior.

Install this only if you are comfortable sending search queries to Serper and allowing the skill to fetch third-party result pages. Avoid putting secrets, credentials, regulated data, or internal-only URLs into searches unless that external disclosure is acceptable, and verify important results from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly requires network access and reads an API key from the environment/.env, but the metadata does not declare permissions or prominently warn about those capabilities. This can mislead operators and users about what the skill can access and transmit, increasing the chance of unintended data exposure or policy bypass when the skill is enabled.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly promotes sending user queries to the Serper third-party API and fetching full content from result pages, but it does not clearly warn users that their prompts, search terms, IP/network metadata, and potentially sensitive retrieved content will be disclosed to external services. In a search skill, this omission is material because users may assume they are only getting snippets or local processing, while the skill actually performs broader network disclosure and full-page scraping.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description emphasizes functionality but does not provide a user-facing privacy/security warning that queries are transmitted to an external search provider and that returned URLs are fetched over the network for content extraction. Users may submit sensitive prompts assuming local processing, causing accidental disclosure of confidential information to third parties.

Natural-Language Policy Violations

Medium
Confidence
75% confidence
Finding
The skill hardcodes locale-selection rules and mandates language/country flags without user opt-in, which can silently alter query routing and regionalization. While primarily a product/UX issue, it has security and privacy implications because it may direct searches to specific jurisdictions or providers and reveal inferred user language/location preferences without explicit consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.