Deep Research with MCP

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-research skill that openly uses external search, fetches pages, and saves research reports without hidden code or credential use.

Install only if you trust the configured MCP search providers and are comfortable with web requests being made for your research topics. Avoid confidential topics unless those providers are approved, and review saved reports in shared workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (89% confidence)
Finding: The skill goes beyond MCP search by instructing the agent to fetch arbitrary URLs with curl and to save output to disk, which expands its capabilities from controlled search into unrestricted network access and local file writes. In an agent environment, this can expose the system to SSRF-like requests, retrieval of untrusted content, and unintended persistence of sensitive or policy-violating material without explicit user consent.

Vague Triggers

Medium (89% confidence)
Finding: The README presents generic natural-language prompts like "Research the current state of nuclear fusion energy" and "What's happening with the US housing market?" as direct activation examples. Because these overlap with ordinary user conversation, an agent may invoke the skill unintentionally, causing external searches, page fetching, and report generation when the user did not explicitly request tool use or file writes.

Missing User Warnings

Medium (92% confidence)
Finding: The skill advertises a "Save to workspace" feature and later specifies writing to $OPENCLAW_WORKSPACE/research/[slug]/report.md, but the user-facing description does not warn that file creation occurs. In an agent setting, undisclosed file writes can surprise users, overwrite expected workspace contents, or persist sensitive research results without clear consent.

Vague Triggers

Medium (76% confidence)
Finding: The skill is written to activate for research on virtually any topic, creating an overly broad trigger surface for a capability that performs external searches, arbitrary URL retrieval, and file output. Broad activation increases the chance the skill runs in contexts where the user did not intend network access or local persistence, including sensitive or adversarial prompts.

Missing User Warnings

Medium (91% confidence)
Finding: The workflow includes external web fetching and saving reports to the working directory, but it does not clearly warn the user that the skill will make outbound requests and write files locally. This undermines informed consent and can cause privacy, compliance, or data-handling issues when used in environments where network and filesystem actions are sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.