Security audit

Wine Info Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only wine lookup skill with optional external searches and general alcohol guidance, but no hidden purchases, account changes, persistence, or data theft behavior was found.

Install only if you are comfortable sending wine search terms to external wine, shopping, Wikipedia/Open Food Facts, and optional Firecrawl services. Treat the health section as general information, not medical advice, and prefer FIRECRAWL_API_KEY as an environment variable rather than a command-line argument.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The reference adds a health and drinking advice module with age-based consumption limits and condition-specific recommendations, which goes beyond a read-only wine lookup skill into personalized health guidance. Even without account access or payments, this can produce unsafe or medically inappropriate advice, especially for users who are pregnant, have liver disease, take medication, or have other contraindications.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.