v1.0.1

yula-web-search

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

The web-search purpose is coherent, but the documented command builds Python code from the search query unsafely, so a crafted query could run local code if the workflow is followed.

Guidance: Review this skill before installing. Its web-search behavior is mostly purpose-aligned, but the documented query-encoding command should be fixed so search text cannot become executable Python code. Also avoid using it for sensitive queries unless you are comfortable sending those queries to public search engines and websites.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: Medium | Status: Concern
SKILL.md
QUERY_ENCODED=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$QUERY'))"

The query is placed directly inside Python source code passed to python3 -c instead of being passed as an argument. A crafted query containing quotes and Python statements could change what code is executed if the agent follows this workflow.

User impact: A maliciously crafted search phrase could cause local Python commands to run under the user’s account.

Recommendation: Do not interpolate query text into Python source. Pass the query as an argument or environment variable, for example using sys.argv[1], and keep command execution limited to reviewed, fixed code paths.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
Extract full content from the top 2-3 most relevant URLs ... Summarize all information into a comprehensive answer

The skill intentionally brings arbitrary webpage text into the agent’s context for summarization. Webpage text is untrusted and may contain instructions aimed at influencing the agent.

User impact: A malicious webpage could try to steer the agent’s answer or future actions if its text is treated as instructions rather than data.

Recommendation: Treat fetched webpage content as untrusted data, ignore instructions found inside pages, and summarize only factual content relevant to the user’s request.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Uses multiple public anonymous search services ... Works via direct curl requests from local network

The skill discloses that it sends searches and page fetches to public web services using local curl requests. This is expected for web search, but it means queries and network metadata leave the user’s environment.

User impact: Search engines and visited websites may see the user’s query, IP address, user agent, and request timing.

Recommendation: Avoid submitting sensitive private information as search queries, and document which external services are contacted.