auto-researcher

Security checks across malware telemetry and agentic risk

Overview

This research skill does what it claims, but its included scripts can run unintended local code from a crafted topic and send research queries to several outside services.

Review carefully before installing or running. Do not use the shell scripts with untrusted or pasted research topics until the heredoc input handling is fixed, and avoid confidential topics unless you are comfortable sharing them with the listed external services and any configured CLI accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases are broad terms like '研究', '分析', and '收集信息', which can match many ordinary conversations and cause the skill to activate unexpectedly. In this skill's context, accidental activation is more dangerous because activation leads to network access, shell command execution, and local file writes, increasing the chance of unintended data collection or external requests.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises broad cross-platform research and report generation but does not clearly disclose that it will make outbound requests to third-party services and write collected data to local storage. In practice, user-supplied topics may contain sensitive business plans, internal project names, or personal data, which could be transmitted to external platforms without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends the user-supplied research topic to multiple third-party services including Hacker News, Jina AI proxy endpoints, X/Twitter search, Product Hunt, GitHub, and DuckDuckGo without explicit consent or a warning. In a research assistant context, topics may contain confidential business plans, internal project names, or sensitive investigative queries, so this creates a real privacy and data-leakage risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
User-supplied research topics are automatically sent to several external services, including Jina proxy endpoints and public search platforms, without explicit notice or consent. If users research confidential projects, customer names, vulnerabilities, or internal code names, this can leak sensitive business information to third parties and into external logs.

VirusTotal

67/67 vendors flagged this skill as clean.
