AIsa Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AIsa-backed research/search client that requires an API key and does not show hidden local access, persistence, or destructive behavior.

Install only if you trust AIsa with your search queries, URLs, and any text you pass to the tool. Use a scoped AISA_API_KEY where possible, avoid submitting secrets or private internal URLs, and check `python3 scripts/search_client.py --help` so you understand which retrieval modes may send data to the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The documented behavior materially understates the skill's implemented retrieval surfaces and capabilities, including additional third-party endpoints, crawling/site-mapping features, and academic search modes. This mismatch is dangerous because users and policy systems may authorize the skill for narrow 'recent research' tasks while it can perform broader collection and external data access than advertised, increasing the risk of unexpected data exposure, policy bypass, or overcollection.

VirusTotal

67/67 vendors flagged this skill as clean.
