Security audit

Custom Grok Search

Security checks across malware telemetry and agentic risk

Overview

This Grok search/chat skill is not clearly malicious, but it should be reviewed because it automatically reads local API keys and can route prompts or images through third-party proxies.

Install only if you trust the configured xAI or proxy endpoint. Prefer the official xAI base URL or a trusted self-hosted proxy, use a dedicated low-scope API key, review CUSTOM_GROK_* and XAI_* values before running it, and avoid sending sensitive prompts or private images through third-party proxies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The helper reads secrets and configuration from user-level files outside the skill directory, including ~/.openclaw/.env and ~/.clawdbot/clawdbot.json, to source API credentials. That broad secret discovery exceeds the narrow search function described for the skill and creates unnecessary access to unrelated local data that could later be transmitted to external services by other parts of the skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly encourages use of public or third-party Grok-compatible proxies but does not warn that prompts, search queries, images, API keys, and returned data may be logged, retained, or modified by untrusted operators. In a security-sensitive agent context, this can lead to privacy leakage, credential exposure, or supply-chain style tampering of model responses.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code silently harvests API keys and config from local .env and JSON files without any user-facing disclosure in this component. Even if intended for convenience, undisclosed secret loading is risky because users may not realize the skill is pulling credentials from multiple local sources and potentially using them for network requests.

Credential Access

High
Category
Privilege Escalation
Content
export function loadEnvFiles() {
  const candidates = [
    path.join(process.cwd(), ".env"),
    path.join(os.homedir(), ".openclaw", ".env"),
  ];
  const loaded = {};
Confidence
94% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
export function loadEnvFiles() {
  const candidates = [
    path.join(process.cwd(), ".env"),
    path.join(os.homedir(), ".openclaw", ".env"),
  ];
  const loaded = {};
  for (const p of candidates) {
Confidence
97% confidence
Finding
.env"

VirusTotal

66/66 vendors flagged this skill as clean.