OpenWebSearch

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent web-search setup and retrieval guide, with no executable payload and clear prompts before higher-impact setup actions.

Before installing, expect the skill to guide your agent through open-websearch use and, if needed, setup. Review prompts carefully before approving package installs, Playwright/browser downloads, MCP or endpoint config edits, or starting a local daemon. Prefer your requested language, locale, and search source when that matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 88% confidence
Finding: The instruction to prefer Startpage for 'general English-language web search' establishes a default language preference in the skill behavior. Under the policy, forcing or defaulting to a specific language/locale without explicit user choice can be a natural-language policy violation unless clearly justified or offered as an opt-in.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal