Multi Search Engine Jarvis

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only search helper that sends user searches to public search engines and does not install code or request special access.

Reasonable to install as a search helper. Do not enter secrets, confidential business terms, private personal data, or sensitive investigative queries unless you are comfortable sending them to the selected search provider; use the advanced search examples only for content and systems you are authorized to research.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs use of third-party search URLs and includes concrete web_fetch examples that transmit user-provided queries to external search engines, but it does not warn users that their searches, IP address, browser/session metadata, and potentially sensitive prompts will be disclosed to those providers. In an agent setting, users may assume queries are handled locally or by the platform, so the missing disclosure meaningfully increases privacy risk even though the behavior is core to the skill's purpose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal