ClawHub

妙达网页搜索

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed web-search helper that routes internet lookups through a local Miaoda CLI, with broad activation wording users should understand before installing.

Install this only if you want Miaoda's CLI-based search summaries to be preferred for web lookups. Verify that `miaoda-studio-cli` is installed from a source you trust, and avoid entering secrets, private business details, or confidential personal data into search queries unless you trust the underlying search and summarization service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description includes very broad trigger phrases such as 'find out', 'search', '查一下', and '帮我看看', which overlap with ordinary conversation and can cause the skill to activate in many contexts beyond explicit user intent. This can bias agent behavior toward unnecessary internet use, increase exposure to untrusted external content, and interfere with safer or more appropriate tools and workflows.

Natural-Language Policy Violations

Low
Confidence
87% confidence
Finding
The description states 'ALWAYS use this skill FIRST' for any internet lookup, which attempts to override normal tool-selection and user-choice behavior. While not directly executing unsafe actions, this kind of forced routing can reduce agent discretion, create unnecessary dependence on one search path, and make prompt-triggering easier across mixed-language interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal