Web Search by Tavily

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward web search and URL extraction integration that sends requested queries and URLs to AIsa's API, with no evidence of hidden persistence, destructive behavior, or unrelated data access.

Install only if you are comfortable sending search queries, target URLs, and the AIsa API key to AIsa's external service. Do not use it for secrets, private internal URLs, regulated data, or confidential research targets unless your organization approves that data flow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documentation advertises web search and URL extraction via AIsa's gateway, which necessarily sends user queries and supplied URLs to an external third-party service. Without an explicit warning about this data egress, users and agent operators may unknowingly transmit sensitive prompts, internal URLs, or proprietary research targets off-platform, creating privacy, confidentiality, and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal