Security audit

Search Viewer

Security checks across malware telemetry and agentic risk

Overview

Search Viewer is a user-directed reconnaissance tool that matches its stated purpose, but users should protect saved API keys and only run authorized searches.

Install from a trusted commit or repository, use a virtual environment, and treat config.ini as a secret because it may contain API credentials. Use limited-scope API keys where possible, do not sync or share the app directory, and assume search terms and targets may be logged by the third-party reconnaissance providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The application stores multiple third-party API credentials in a local config.ini file in plaintext without warning the user or applying OS-backed secret storage. If the local workstation, project directory, backups, or synced folders are accessed by another user or malware, these tokens can be reused to query paid services, exhaust quotas, or access account-linked data.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The description advertises broad OSINT and reconnaissance aggregation across multiple search engines, but it does not define allowed use cases, authorization requirements, data-handling limits, or operational boundaries. In a security/pentest context, vague scope increases the chance the skill is invoked for unauthorized reconnaissance or mass collection, making misuse easier and policy enforcement harder.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal