omnisearch

Security checks across malware telemetry and agentic risk

Overview

OmniSearch is a straightforward web-search wrapper, with the main caveat that search queries may be sent to external providers automatically.

Install this if you want agents to search the web through mcporter without extra confirmation for ordinary search requests. Avoid putting secrets, private identifiers, confidential business data, or sensitive personal details into search queries unless you trust the configured provider and mcporter setup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs the agent to perform web searches immediately and without asking permission. This can cause the agent to transmit user-provided queries, including sensitive or identifying information, to external search providers without user awareness or consent, creating a privacy and data-handling risk. In a web-search skill this behavior is contextually relevant, but the blanket 'ALWAYS' and 'don't ask permission' language makes it more dangerous because it removes discretion for potentially sensitive queries.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal