Deep Researcher

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-research and report-writing skill. Some of its settings are ones users should control explicitly, but there is no evidence of hidden, destructive, or deceptive behavior.

Install if you are comfortable with research topics being sent to your configured search provider and reports being saved locally. For sensitive work, invoke the skill explicitly and state the desired region, language, source files, and save path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 89%
Finding
The README says the skill is triggered automatically whenever the AI 'recognizes research intent' and gives broad natural-language examples, but it does not define clear activation boundaries or require explicit invocation. In agent environments with automatic skill routing, this can cause the skill to run unexpectedly on loosely related prompts, leading to unintended web access, external data retrieval, or report generation outside user intent.

Vague Triggers

Medium
Confidence: 92%
Finding
The claim that the system uses 'semantic intent routing' with 'no flags or options' means control is delegated to fuzzy intent inference rather than constrained inputs. That increases the chance of over-triggering, misclassification of user requests, and execution of search/reporting behavior in contexts where the user did not intend to invoke a research workflow.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill is configured to trigger automatically on broadly defined 'research intent in natural language', which can capture ordinary informational queries without clear user consent to invoke this higher-privilege workflow. Because the skill has WebSearch, Read, and Write permissions, an over-broad trigger can cause unintended external requests and filesystem writes, expanding the blast radius of routine interactions.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Defaulting ambiguous queries to Chinese output without user opt-in can cause the agent to produce results in an unexpected language, which may confuse users and reduce their ability to review, validate, or safely use the generated report. In a research-and-write skill, unexpected language selection is a trust and consent issue because it changes output semantics without confirmation.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
Mandating official-local-language searches without user opt-in forces transmission of the user's topic to additional linguistic and regional search contexts, potentially broadening data exposure and changing the scope of external requests. It can also degrade safety and correctness if the model is weak in those languages, causing it to misinterpret sources while still presenting them as validated evidence.

Natural-Language Policy Violations

Medium
Confidence: 86%
Finding
The template explicitly logs automatic region detection and maps it to a research language, which can cause the agent to infer sensitive locale information and change behavior without explicit user consent. In a research skill, this can lead to privacy concerns, unwanted profiling, and incorrect or biased source selection if the inferred region/language is wrong.

VirusTotal

65/65 vendors flagged this skill as clean.