ClawHub

ZeeLin Search 智灵搜索

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Zeelin search integration, but it sends searches to Zeelin and saves full results locally.

Install only if you trust the Zeelin service and are comfortable sending search terms to its API. Treat Zeelin_Api_Key as a secret, avoid sensitive searches unless appropriate, watch for broad auto-activation on generic news or public-opinion prompts, and delete or protect generated zeelin_search_results JSON files when results are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill instructs saving the complete API response to a JSON file in the user's directory and disclosing the file path, which exceeds the advertised behavior of merely querying and displaying results. This creates an unannounced local persistence channel for potentially sensitive search content and metadata, increasing privacy and data-handling risk on shared or managed systems.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list includes very broad phrases such as '舆情', '新闻报道', and pattern-like fragments with ellipses, which can cause the skill to activate for ordinary conversation that was not intended to invoke this external-search capability. In this skill’s context, misfires are more dangerous because activation can lead to reading local configuration, sending user queries to a third-party API, and writing full results to disk without an explicit confirmation step.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger section expands activation to vague suffix patterns like '...舆情' and generic topics like '热门话题' or '动态', with no scope restriction or disambiguation. This increases the chance of unintended invocation and data exfiltration to the Zeelin API, especially because the workflow mandates API use and user-facing persistence behavior once triggered.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires storing the complete API response as a JSON file in the user directory, but provides no consent, minimization, retention, or sensitivity guidance. In this context, search results may contain personal, reputational, or otherwise sensitive content, so unconditional persistence increases exposure through local disclosure, backup leakage, or unintended reuse by other tools.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module explicitly carries forward prior query parameters from conversation history into later outputs when the user provides only partial updates. In a search skill handling potentially sensitive intelligence, opinion, or news queries, this can silently leak prior subjects, sources, or filters into a new request and cause unintended data disclosure or incorrect external queries without clear user awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mandates persisting full search results to a JSON file in the user directory without warning about local storage, retention, or sensitivity. Search outputs may contain investigative, business, or personal data, and writing them by default can expose that data to other local users, backups, indexing services, or accidental sharing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill sends the user's natural-language query to an external API but gives no privacy or data-sharing notice. Users may include sensitive topics, names, or business context in queries, and silent transmission to a third party can violate user expectations, internal policy, or regulatory requirements.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal