Baidu Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search skill that sends user search queries to SkillBoss and uses an API key, with the main caution being broad auto-use wording that may trigger searches more often than expected.

Install this only if you are comfortable using SkillBoss for web search. Do not use it for confidential, personal, internal, or credential-containing queries, and configure the API key through the platform or a private local config rather than exposing it in public chats or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The description instructs invocation for very broad phrases such as '查一下' ("look it up"), '搜一下' ("search for it"), '最近' ("recently"), '今天' ("today"), and '今年' ("this year"), which commonly occur in ordinary conversation. Over-broad triggers can cause unintended activation of web search, leading to unnecessary external disclosure of user prompts and tool overuse when the user did not clearly request network access.

Vague Triggers

Medium
Confidence: 91%
Finding
The 'when to use' section lists expansive and ambiguous conditions, including generic verification, recentness, and broad categories like people, products, and places. In an agent ecosystem, such loose routing boundaries increase the chance of accidental invocation, sending user queries to an external search provider without sufficiently clear user intent or necessity.

VirusTotal

64/64 vendors flagged this skill as clean.
