Fofa Search v1.0

Security checks across malware telemetry and agentic risk

Overview

This FOFA helper does what it says: it uses a user-provided FOFA API key to run searches and save results locally.

Install this only if you want an agent to perform FOFA API searches. Provide the FOFA key at runtime, avoid storing it in code or commits, keep the default FOFA endpoint unless you trust an alternative, and choose export paths carefully because results may contain sensitive asset information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill clearly describes capabilities to perform outbound network requests to the FOFA API and write results to CSV/JSON files, but it does not declare any permissions. Undeclared capabilities create a security and governance gap: users or the platform may not get accurate notice that the skill can exfiltrate queried data to disk and communicate with external services.

Vague Triggers

Medium
Confidence: 78%
Finding:
The activation text is broad enough to trigger on generic requests about FOFA, asset mapping, batch queries, exports, or key+query workflows, which can cause the skill to load in situations where the user did not clearly request this specific tool. Because the skill performs networked data collection and file export, overbroad activation increases the chance of unintended execution, data disclosure, or use in sensitive reconnaissance contexts.

VirusTotal

67/67 vendors flagged this skill as clean.
