Search Full

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward web-search helper that tells the agent to search with SearXNG and fetch the top page with Crawl4AI; no hidden persistence, destructive behavior, or credential handling was found.

Before installing, confirm you trust the configured SearXNG endpoint and Crawl4AI path, and avoid using sensitive or confidential queries unless that network route is under your control. Treat fetched pages as untrusted web content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill clearly performs live web searches and fetches full page content from external services, but the user-facing description and workflow do not warn about external network access, third-party content retrieval, or the privacy implications of sending queries off-box. This can mislead users into disclosing sensitive prompts or assuming the skill operates only on local data, especially because it defaults to a localhost SearXNG endpoint while still browsing arbitrary external sites through search results.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal