Security audit

Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent DuckDuckGo web-search skill with expected network use and optional file saving, but users should avoid sensitive queries and choose output paths carefully.

Install only if you are comfortable sending search terms to DuckDuckGo through the dependency it installs. Do not search for secrets, credentials, confidential business data, or highly sensitive personal information, and use --output only with intended non-sensitive file paths because existing files may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The script accepts an arbitrary --output path and writes search results there, creating parent directories as needed, with no restriction to a safe workspace or confirmation before overwrite. In an agent setting, this broad file-write capability exceeds a pure web-search role and could be abused to overwrite local files, drop content in sensitive locations, or stage data for later misuse.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The top-level description is broad enough to match many generic requests for information, research, fact-checking, or finding resources, which can cause the skill to activate in situations where external web access is unnecessary or inappropriate. Over-broad routing increases the chance of sending user queries to the network and returning untrusted web content without clear need or consent.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The 'When to Use' section lists many generic tasks such as research, verification, and gathering resources, but lacks constraints, exclusions, or confirmation requirements. In practice, this can lead to over-invocation of a networked skill and unnecessary exposure of user-provided queries to third-party services.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill states that it uses DuckDuckGo's API, but it does not clearly warn that user search terms and related metadata will be transmitted to an external service. This creates a privacy and compliance risk, especially if users include sensitive, proprietary, or regulated information in search queries.

Missing User Warnings

Severity: Low
Confidence: 79%
Finding:
The documentation encourages saving results to local files but does not warn that those files may store sensitive queries, personal data from results, or copyrighted material from external sources. Even if the content is only search metadata, local persistence increases retention and accidental disclosure risk.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The tool creates directories and writes to the specified output path without any prompt, confirmation, or overwrite safeguards. In an automated agent context, this can lead to unintended local file creation or clobbering, making the file system side effect risky even if the feature was added for convenience.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.