Bimiyun Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Bimiyun web-search skill that sends user searches to its API using a declared API key, with no hidden persistence, destructive behavior, or deception found.

Install only if you are comfortable sending search queries to Bimiyun with your BIMIYUN_API_KEY. Avoid searching secrets, private internal data, or sensitive personal information, keep any .env file out of version control, and do not set BIMIYUN_ENDPOINT unless you trust the destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Low
Confidence: 94%
Finding
The documentation says safe search is enabled by default, but the example labeled '禁用安全搜索' ("disable safe search") uses the --safe flag, which strongly suggests the flag semantics are inverted or documented incorrectly. This can cause operators or downstream agents to accidentally disable filtering when they believe they are enabling it, increasing exposure to unsafe, explicit, or policy-violating search results.

Vague Triggers

High
Confidence: 96%
Finding
The trigger phrases are extremely broad, including generic terms like '搜索' ("search"), '查找' ("look up"), '帮我搜' ("search for me"), and '查一下' ("check"), which can match a large fraction of ordinary user requests. In an agent ecosystem, this can cause over-invocation of the skill, sending user prompts or derived queries to an external network service more often than intended. That creates privacy, routing, and prompt-injection exposure, because web content is then introduced into the workflow.

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill sends user-provided queries and the API key to a remote service without any user-visible disclosure, consent flow, or trust-boundary warning. In assistant contexts, queries can contain sensitive prompts, proprietary data, or personal information, so silent transmission to a third party creates a real privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
