ClawHub

Felo Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Felo web-search skill, but users should understand that broad auto-triggering may send routine queries to Felo.

Install only if you want Felo-powered web search and are comfortable sending triggered search queries to Felo. Avoid using it with secrets, private file contents, credentials, proprietary code, or sensitive personal information, especially because the trigger terms are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence
90% confidence
Finding
The documented auto-trigger terms are extremely broad and match common conversational phrases such as 'what is', 'how to', 'best', and location words. In a skill that sends prompts to an external search provider, this can cause unintended activation and unnecessary transmission of user queries, increasing privacy and data-leak risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README promotes real-time search and AI-generated answers but does not clearly warn that user queries are transmitted to Felo, a third-party external service. Users may unknowingly send sensitive prompts, project details, or personal data off-platform, which is a meaningful privacy and confidentiality issue.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill is configured to trigger on a very wide range of ordinary information-seeking requests, including cases where the model's knowledge 'may be outdated.' In practice this can cause frequent unintended invocation of a third-party search workflow, increasing unnecessary data sharing and reducing user control over when external services are used.

Vague Triggers

High
Confidence
98% confidence
Finding
The listed trigger words are extremely generic across multiple languages, including common words like 'what,' 'where,' and 'how.' This makes accidental activation highly likely during normal conversation, which can route sensitive or routine user queries to an external API without meaningful intent from the user.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The execution instructions direct the agent to send the user's query to Felo's external API but do not require a clear disclosure or consent warning. This is dangerous because users may assume their prompt stays local to the assistant, when in fact it is transmitted to a third party.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal