Security audit

aisa-multi-search-engine-zh

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AISA-powered search skill; its main risk is that searches and supplied URLs are sent to an external API.

Install only if you are comfortable sending search queries, URL lists, and extracted page content to AISA and possibly upstream search providers. Do not use it with secrets, private/internal URLs, regulated data, credentials, or confidential documents unless that external sharing is approved. Protect the AISA_API_KEY, and rotate it if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 73%
Finding:
The skill declares required environment variables and a Python runtime, and its documented behavior clearly implies outbound network access, but it does not declare explicit permissions boundaries for those capabilities. This can lead to under-scoped review and user misunderstanding about what the skill may access or transmit, especially since it handles external search and URL extraction.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The README advertises external web search and URL extraction features but does not disclose that user queries, URLs, and possibly retrieved content will be transmitted to third-party services. In a research/search plugin, this omission can cause users or downstream agents to unknowingly send sensitive prompts, internal links, or proprietary data to external providers, creating privacy, compliance, and data-handling risk.

Vague Triggers

Medium
Confidence: 81%
Finding:
The trigger condition is broad enough to match many ordinary research or browsing requests, which increases the chance the skill is invoked when the user did not intend external multi-source search. Because the skill sends queries to external services, ambiguous activation raises privacy and consent risks rather than being a purely usability issue.

Vague Triggers

Medium
Confidence: 80%
Finding:
The usage guidance repeats the same ambiguous activation language without adding safeguards, making accidental or over-broad invocation more likely in practice. In a search skill backed by external APIs, that can expose prompts, URLs, or research topics to third parties without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The description advertises URL extraction and multi-source search but does not warn that user queries and supplied URLs will be transmitted to external services. This omission is security-relevant because users may provide confidential links, internal URLs, or sensitive research topics assuming local handling.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The setup and usage sections explain how to run the client and API-backed operations but omit a warning about external data transmission and retention. This makes operational misuse more likely, especially in environments where users may paste confidential URLs or research material into the tool.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.