ClawHub
Back to skill

Security audit

Web Search Plus

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed web search and URL extraction using configured providers, with expected local caching and credential use that users should manage carefully.

Install only if you are comfortable sending searches and extraction URLs to the selected third-party providers. Use an explicit provider for sensitive work, disable or clear the cache when queries may contain confidential terms, avoid extracting private/internal URLs, and prefer environment variables or locked-down file permissions for API keys on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'req' from input (line 257, user input) → urllib.request.urlopen (network output)

Medium
Category
Data Flow
Content
headers={"User-Agent": "ClawdBot-WebSearchPlus/2.5", "Accept": "application/json"}
            )

            with urllib.request.urlopen(req, timeout=10) as response:
                data = response.read().decode("utf-8")
                import json
                result = json.loads(data)
Confidence
94% confidence
Finding
with urllib.request.urlopen(req, timeout=10) as response:

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The function forwards user-supplied URLs and, depending on provider behavior, the fetched page contents to third-party extraction services with automatic fallback across multiple vendors. This is a real data-exposure risk because users may not realize their target URLs and retrieved content are being sent off-platform, especially when fallback can route data to a different provider than requested.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script persists raw search queries and related metadata to local disk by default, which can leak sensitive user intent, internal project names, credentials accidentally pasted into queries, or regulated data to other local users, backups, or forensic collection. Although the cache directory/file permissions are tightened, silent retention of potentially sensitive queries still creates a confidentiality risk in shared or managed environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal