Cstcloud Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward CSTCloud web-search skill whose main risk is that search queries are sent to an external provider.

Install this only if you want your agent to use CSTCloud for web search. Treat search terms as data shared with CSTCloud: keep secrets and private internal information out of queries, and prefer explicit invocations so this provider is used only when you specifically ask for it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The description says the skill can be triggered by a broad everyday phrase like '帮我搜 xxx' ("search xxx for me"), which overlaps with normal conversation and lacks strong activation boundaries. In agent systems, overly generic triggers can cause accidental invocation, unintended external web queries, and possible leakage of user prompts or sensitive terms to the remote search API.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The documentation reinforces ambiguous natural-language activation by stating that users can trigger the skill simply by saying '帮我搜 xxx 即可触发' ("just say 'search xxx for me' to trigger it"). Without clear boundaries, the agent may route common requests into this skill unintentionally, causing unreviewed outbound requests and surprising behavior in contexts where the user did not intend to use this specific provider.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The usage example provides only a generic trigger phrase and omits constraints or non-trigger examples, which encourages broad matching by orchestration layers. This can increase accidental activation frequency and the chance of transmitting user content to the CSTCloud API without clear consent or provider awareness.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script sends the user's search query to a third-party remote API, but it does not provide any explicit privacy notice, confirmation step, or documentation warning that user-supplied text will leave the local environment. In an agent-skill context, users may assume a local tool invocation, so sensitive prompts, internal project names, or secrets pasted into the query could be unintentionally disclosed to the external service.
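The three Vague Triggers findings and the Missing User Warnings finding both come down to the same control: decide explicitly when a message is an invocation of this skill, and do not let the query leave the host until it has been screened and the user has confirmed. The following is an added example of such a gate, written for this page and not code from the CSTCloud skill or its scanner. It assumes a hypothetical explicit form (`/cstcloud <query>` or `cstcloud search: <query>`) alongside the broad '帮我搜 xxx' phrase quoted in the findings, and a small set of secret-like patterns (AWS access-key IDs, PEM private-key headers, inline tokens, `.internal`/`.corp` hostnames) chosen for illustration; the messages in the demo are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Explicit invocation forms (hypothetical; narrower than the skill's own
# documented phrase). Only these are treated as intent to use CSTCloud.
EXPLICIT_TRIGGERS = (
    re.compile(r"^\s*/cstcloud\s+(.+)$", re.S),
    re.compile(r"^\s*(?:use\s+cstcloud\s+to\s+search|cstcloud\s+search)\s*[:：]?\s*(.+)$",
               re.I | re.S),
)

# The broad everyday phrase quoted in the SkillSpector findings ("帮我搜 xxx",
# "search xxx for me"). Matched separately so policy can refuse it.
BROAD_TRIGGER = re.compile(r"^\s*帮我搜\s*(.+)$", re.S)

# Illustrative secret/internal-data patterns screened before anything is sent.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "inline_token": re.compile(r"\b(?:bearer|token|api[_-]?key)\s*[:=]\s*\S{16,}", re.I),
    "internal_host": re.compile(r"\b[a-z0-9.-]+\.(?:internal|corp|local|lan)\b", re.I),
}


@dataclass
class Decision:
    send: bool              # True only when the query may go to CSTCloud
    query: Optional[str]    # the text that would be sent (None if withheld)
    reason: str             # human-readable explanation for the user/log


def extract_query(message: str) -> Tuple[Optional[str], str]:
    """Return (query, kind) where kind is 'explicit', 'broad' or 'none'."""
    for pat in EXPLICIT_TRIGGERS:
        m = pat.match(message)
        if m:
            return m.group(1).strip(), "explicit"
    m = BROAD_TRIGGER.match(message)
    if m:
        return m.group(1).strip(), "broad"
    return None, "none"


def screen_query(query: str) -> List[str]:
    """Names of secret-like patterns found in the query, in declaration order."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(query)]


def decide(message: str, *, allow_broad: bool = False, confirmed: bool = False) -> Decision:
    """Gate a chat message before it becomes an outbound CSTCloud request.

    allow_broad: whether the everyday phrase counts as an invocation at all.
    confirmed:   whether the user has already acknowledged that the query
                 will leave the local environment.
    """
    query, kind = extract_query(message)
    if kind == "none":
        return Decision(False, None, "not an invocation of this skill; nothing leaves the host")
    if kind == "broad" and not allow_broad:
        return Decision(False, None,
                        "broad phrase matched; explicit invocation required before querying CSTCloud")
    hits = screen_query(query)
    if hits:
        return Decision(False, None, "query withheld, looks like it contains: " + ", ".join(hits))
    if not confirmed:
        return Decision(False, query,
                        "needs confirmation: this text will be sent to CSTCloud, an external provider")
    return Decision(True, query, "approved; send to CSTCloud")


if __name__ == "__main__":
    # Constructed messages exercising each branch of the gate.
    samples = [
        "What's the weather like today?",
        "帮我搜 best pizza in Beijing",
        "/cstcloud best pizza in Beijing",
        "/cstcloud why is AKIAIOSFODNN7EXAMPLE rejected",
        "cstcloud search: wiki.corp.internal outage",
    ]
    for msg in samples:
        d = decide(msg)
        print(f"{msg!r:55} -> send={d.send} query={d.query!r} ({d.reason})")
    print(decide("/cstcloud best pizza in Beijing", confirmed=True))
```

The gate deliberately answers the findings in order: an everyday phrase is recognised but refused unless policy opts in, the secret screen runs before any confirmation prompt so the user is never asked to approve sending something that should not leave the host at all, and the confirmation step is a hard stop rather than a log line. A real deployment would replace the illustrative patterns with its own list and surface `reason` to the user as the privacy notice the scanner found missing.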

VirusTotal

All 64 of 64 vendors reported this skill as clean.