Deep Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real deep-research skill, but its standalone script grants broad automatic Gemini permissions and has under-scoped background execution behavior that needs review.

Install only if you are comfortable reviewing and constraining the script. Specifically:
  • Prefer using SKILL.md with normal platform search/fetch tools.
  • Remove or avoid --approval-mode yolo.
  • Avoid --background until the shell construction is fixed.
  • Do not paste sensitive internal research questions into the Gemini script.
  • Only run the Docker fallback if you intentionally want a local SearXNG service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill expands its scope from using existing platform search/fetch tools into operational guidance for deploying new infrastructure and invoking shell commands. In an agent setting, this can prompt unsafe environment modification, unexpected network exposure, and command execution paths unrelated to the stated research task, increasing attack surface and violating least privilege.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The skill contains conflicting guidance: it says never to launch a browser or proceed without native tools, yet it also offers alternative infrastructure and command-line workarounds. Such contradictions are dangerous because agents often follow the more actionable path, leading to policy bypass and unapproved tool substitution that can undermine operator controls.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The documented trigger phrases include broad, everyday terms such as "深度学习" (Chinese for "deep learning") and "comprehensive research," which can plausibly appear in normal user conversations unrelated to invoking this skill. In assistant platforms that auto-activate skills based on trigger matching, this can cause unintended invocation, unnecessary web access, and unexpected behavior, increasing the chance of prompt/skill confusion or accidental data exposure through external lookups.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script sends the full assembled prompt, including the user's research query and embedded SKILL.md content, to the external Gemini CLI without an explicit runtime disclosure or confirmation. In a research skill, users may paste sensitive internal questions or data, so silent transmission to a third-party AI service creates a real privacy and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.
