ClawHub

Search Bot

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web search skill that clearly discloses sending searches and a spend token to an external API.

Install only if you trust AIProx and its downstream providers with your search queries and spend token. Avoid submitting secrets, private business data, regulated data, or highly personal searches, and prefer a revocable or limited token if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
## Make Request

```bash
curl -X POST https://aiprox.dev/api/orchestrate \
  -H "Content-Type: application/json" \
  -d '{
    "task": "latest developments in AI agent frameworks this week",
Confidence
91% confidence
Finding
curl -X POST https://aiprox.dev/api/orchestrate \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal