Bing Image Search Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Bing image search connector, but users should know their queries are sent through OneKey/Bing and the scripts include a disclosed shared demo-key fallback.

Install only if you are comfortable using OneKey Gateway/Bing and the listed third-party packages. Use your own OneKey key for accountability, and do not submit secrets, private personal data, or regulated information in image search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Low
Confidence: 94%

Finding: The script embeds a live fallback credential via `os.getenv(..., "BETA_TEST_KEY_MARCH_2026")`, meaning it may authenticate to a remote router even when no operator explicitly supplies a secret. Hardcoded default credentials are dangerous because they encourage secret reuse, make accidental unauthorized access easier, and can expose downstream services if the value is valid beyond local testing.

Missing User Warnings

Severity: Medium
Confidence: 98%

Finding: The README states that if no key is provided, the scripts fall back to a shared demo key `BETA_TEST_KEY_MARCH_2026`. Encouraging use of a shared credential is dangerous because users may unknowingly send queries and metadata through a common account, creating privacy leakage, abuse risk, quota exhaustion, and loss of accountability across different users.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding: This code reads an access token from the environment and immediately uses it to establish a remote router client without any user-facing disclosure that authenticated network access will occur. In a narrowly described image-search skill, silently consuming credentials and contacting an external broker increases the risk of unintended data transfer and operator surprise, especially in automated environments.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The script forwards user-supplied JSON payloads directly to an external service through `router.invoke` without warning the user that their input leaves the local environment. Even if expected for tool functionality, undisclosed transmission can expose sensitive queries or batch input data to third-party infrastructure, which is a meaningful privacy and data-handling risk.

VirusTotal

60/60 vendors flagged this skill as clean.