gsdata-data-search

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned ES/social-media search client, with credential-handling and documentation weaknesses users should understand before use.

Install only if you expect to use a local ES search service and are comfortable sending search terms plus app-key-based headers to it. Use a limited-purpose app_key, avoid saving a token unless the backend actually requires it, do not share --show-config output, clear config.json when finished, and pin requests to an approved current version in managed environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding: The documentation gives conflicting guidance about what sensitive data is persisted locally: one section says only app_key is stored, while other sections and the changelog indicate token support exists or existed. This can cause operators to handle credentials incorrectly, potentially storing or exposing tokens in plaintext without understanding the actual authentication model.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The skill claims dual authentication with token and HMAC-SHA256, but later states the Authorization header was removed and configuration was simplified to only app_key. This inconsistency can lead users to deploy the tool with weaker-than-expected authentication, misconfigure access controls, or assume request integrity protections exist when they do not.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill writes API credentials to a local config.json in plaintext with no permission hardening, encryption, or warning to the user. On shared systems or in multi-user agent environments, other local users, tools, backups, or logs could read the credential material and reuse it to access the ES API.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The manifest describes broad natural-language parsing of search requests and automatic extraction of parameters without defining clear scope limits, allowed query types, or exclusion conditions. In an agent setting, this can cause overbroad activation, unintended handling of sensitive or policy-relevant requests, and misuse of external search capabilities against social-media data sources.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: requests
Confidence: 95%
Finding: requests

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: requests

VirusTotal

64/64 vendors flagged this skill as clean.
