ZeeLin Search 智灵搜索

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Zeelin search integration, but it asks for an API key while package identity metadata is inconsistent and it can send broad search requests to an external service and save full results locally.

Install only if you recognize this Zeelin publisher and have verified the endpoint and package identity. Use a revocable API key, avoid entering secrets in chat, avoid sensitive search terms, and expect full result JSON files to be written to your user directory unless you direct the agent otherwise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill instructs saving the complete API response to a JSON file in the user directory, which expands behavior beyond simply querying and displaying results. This creates a data persistence risk because search results may contain sensitive or regulated content and are written locally without consent, minimization, or retention controls.

Vague Triggers

High
Confidence: 96%
Finding
The trigger list includes extremely broad terms such as '舆情', '新闻报道', '热点话题', and suffix-style patterns like '...动态' or '...相关评论', which can match many ordinary user requests unintentionally. This can cause the skill to activate outside clear user intent and send user queries to an external search API, creating unnecessary data exposure and unexpected external actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly directs the agent to inherit all prior parameters from conversation history for partial queries, but it does not require user confirmation or even notice that prior context will be reused. This can cause previously supplied subjects, sources, time ranges, or other potentially sensitive query attributes to be silently carried into later outputs, creating privacy and data-minimization risks.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill requires exporting the full search results to a JSON file in the user directory without any warning about local data storage, sensitivity, or downstream access. This is dangerous because it can persist potentially sensitive external-content data on disk where other processes or users may access it, and users are not given a chance to decline.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill sends user-provided query content to an external API but does not clearly warn that the input will leave the local/system boundary. This can expose sensitive prompts, business terms, or personal data to a third party without informed user consent or any stated data-handling safeguards.

Ssd 3

Medium
Confidence: 97%
Finding
The context inheritance design instructs the agent to retain and reuse all prior parameters, which can expose previously provided user data in later responses when the user only intended to modify one field. Because outputs are generated automatically from prior state, sensitive subjects or filters may be echoed or sent onward without a fresh privacy check.

Ssd 3

Medium
Confidence: 96%
Finding
The workflow operationalizes repeated reuse of previous conversion results for partial queries, making cross-turn data propagation a default behavior rather than an exception. This increases the likelihood of unintended disclosure because the model may include stale or sensitive parameters in new JSON outputs and downstream API requests.

Ssd 3

Medium
Confidence: 94%
Finding
The examples normalize automatic propagation of prior inputs into later responses, reinforcing implementation of behavior that can leak stored user data across turns. Since examples strongly shape agent behavior, they materially increase the chance that previous query contents will be echoed back or reused without the user's informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.
