Valyu Search

Security checks across malware telemetry and agentic risk

Overview

This Valyu search skill appears legitimate, but it needs review because it asks users to share an API key in chat and can store it locally in plaintext.

Install only if you are comfortable sending search queries, URLs, and research inputs to Valyu. Configure VALYU_API_KEY through your environment or a secret manager, avoid pasting the key into chat, and avoid the setup command unless you accept plaintext storage in ~/.valyu/config.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 95% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests such as general research, fact-checking, browsing, or extracting page content. In a tool that sends prompts and URLs to an external service, over-broad activation increases the chance the skill is invoked when the user did not intend external sharing, causing unnecessary data disclosure or unintended network access.

Missing User Warnings

Medium, 98% confidence
Finding
The skill advertises web search, content extraction, answers with sources, and deep research, but does not warn that user queries, supplied URLs, and possibly file attachments are transmitted to a third-party service. This is especially risky because the skill supports sensitive domains like medical, financial, and patent research, where users may provide confidential or regulated information without realizing it leaves the local environment.

Missing User Warnings

Medium, 81% confidence
Finding
The setup flow writes the API key to ~/.valyu/config.json without any user-facing warning and without enforcing restrictive file permissions. On multi-user systems or in shared/dev environments, a plaintext credential on disk may be exposed to other local users, backups, or tooling that scans home directories.

VirusTotal

60/60 vendors flagged this skill as clean.
