Back to skill

Security audit

Searxng

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it runs user-directed searches through a configured SearXNG instance, with documented but important privacy and TLS tradeoffs.

Install this only if you trust the SearXNG instance in SEARXNG_URL. Prefer localhost or a private instance, avoid searching secrets or sensitive internal data, and enable proper TLS verification before using a remote HTTPS endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions while its documented behavior clearly depends on environment-variable access and network communication to a SearXNG instance. This creates a transparency and policy-enforcement gap: users or platforms may invoke a network-capable skill without realizing it can read configuration and send user queries over HTTP, potentially including to a non-local endpoint.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README explicitly suggests using public SearXNG instances as an option but does not clearly warn that queries sent to such instances are visible to and controllable by third parties. For a privacy-focused search skill, this can mislead users into exposing sensitive search terms or metadata to untrusted operators, undermining the skill's stated privacy guarantees.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README notes that the skill uses `verify=False` for HTTPS requests but does not present this as a serious security risk. Disabling TLS certificate verification enables man-in-the-middle attacks, allowing attackers on the network path to intercept or tamper with search queries and results, which is especially risky for a tool handling arbitrary user searches.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad, conversational, and likely to match normal user requests such as 'search for', 'search web', 'find information', and 'look up'. That increases the chance of unintended activation, causing user queries to be routed through this skill and sent over the network without the user explicitly choosing this integration.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This skill sends user search queries to the configured SearXNG server without any user-facing disclosure at execution time. In this context, search terms may contain sensitive research, credentials, internal project names, or personal data, and if the endpoint is remote or uses plain HTTP those queries can be exposed to the server operator or intercepted in transit.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84% confidence
Finding
The trigger 'search for' overlaps with the platform's built-in search command, creating a shadowing condition where this skill may capture requests intended for trusted native functionality. In context, that means routine search requests could be redirected to a configurable external endpoint, changing data flow and trust boundaries unexpectedly.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84% confidence
Finding
The trigger 'search web' is close enough to a built-in search command to create ambiguous routing and possible command shadowing. In this skill's context, accidental interception is meaningful because intercepted search text may be transmitted to the configured SearXNG instance over the network.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
82% confidence
Finding
The trigger 'find information' conflicts with a generic built-in 'find' intent and is broad enough to capture many ordinary requests. This can lead to unintended invocation of a networked skill, exposing user intent or query content to an endpoint they did not knowingly select.

Unsafe Defaults

Medium
Category
Tool Misuse
Content
## SSL/TLS Notes

The skill is configured to work with self-signed certificates (common for local SearXNG instances). If you need strict SSL verification, edit the script and change `verify=False` to `verify=True` in the httpx request.

## Troubleshooting
Confidence
98% confidence
Finding
verify=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
f"{SEARXNG_URL}/search",
            params=params,
            timeout=30,
            verify=False  # For local self-signed certs
        )
        response.raise_for_status()
Confidence
98% confidence
Finding
verify=False

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.