Web Search Enhanced

Security checks across malware telemetry and agentic risk

Overview

This appears to be a search helper with temporary result handling, and the reviewed concerns look like implementation hygiene issues rather than malicious behavior.

Install only if you are comfortable with a search skill temporarily writing intermediate search results during processing. Avoid using it for sensitive private searches unless the publisher clarifies the temporary file location, deletion behavior, and why webFetch is used for local temp content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium, 90% confidence
Finding
The skill performs local filesystem writes and deletions to a hidden temp file in the current working directory without a clearly justified need, user disclosure, or safety controls. In an agent/tool environment, unexpected file I/O can overwrite existing files, leave artifacts, or interfere with other tasks, especially if multiple runs share the same workspace.

Intent-Code Divergence

Medium, 84% confidence
Finding
The code comments and control flow imply local temporary-file handling, but reads are performed via webFetch(path, { extractMode: 'text' }) rather than direct filesystem access. This mismatch is dangerous because it may cause the tool to fetch unintended local-or-remote resources depending on how webFetch interprets paths, expanding the attack surface and making behavior harder to reason about or audit.

Vague Triggers

Medium, 89% confidence
Finding
The trigger phrase "帮我查找 [搜索内容]" ("help me find [search content]") is extremely broad and closely matches normal user conversation, making accidental invocation and unintended routing likely. In a search skill that stores intermediate results and performs multi-step processing, overly broad activation can cause unplanned data handling or execution of this skill instead of a more appropriate one.

Missing User Warnings

Medium, 93% confidence
Finding
The skill states that intermediate results are saved to temporary storage, but it does not clearly warn users that search outputs may be persisted outside the immediate response. This creates a privacy and data-retention risk, especially if queries or retrieved content contain sensitive information and users reasonably expect ephemeral handling.

Missing User Warnings

Medium, 92% confidence
Finding
The tool silently writes and deletes a hidden temporary file as part of normal operation, but users are never informed that local state is being created. Undisclosed persistence is risky in agent skills because it can leak data across runs, surprise users, and create forensic or privacy issues if sensitive queries are written to disk.

VirusTotal

66/66 vendors flagged this skill as clean.