zpw-mianfei-web

Security checks across malware telemetry and agentic risk

Overview

This is a small web-search skill, but it needs review because it sends every search to a hard-coded private-network address (192.168.199.100:8080) over plaintext HTTP, and it interpolates user text into a shell command without visible escaping or encoding.

Install only if you control or fully trust the service at 192.168.199.100:8080 and are comfortable sending search terms there over HTTP. Avoid sensitive queries, and prefer a version that makes the endpoint configurable, confirms before sending, uses HTTPS or a trusted local channel, and safely URL-encodes the query instead of interpolating it into a shell command.
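The remediation above (configurable endpoint, confirmation before sending, HTTPS or a local channel only, URL-encoding instead of shell interpolation) as an added example. This is not the skill's own code; the environment variable name SEARCH_ENDPOINT, the /search?q= request shape, the curl argument list and the confirm() hook are assumptions chosen to illustrate the fixes, and the unsafe_command function shows the interpolation pattern the overview warns about rather than the skill's actual command line.

```python
"""Hardened query sender for a web-search skill (added example).

Not the skill's own code. SEARCH_ENDPOINT, the /search?q= request shape
and the confirm() hook are assumptions used to illustrate: a configurable
endpoint, a confirmation step, HTTPS or loopback only, and URL-encoding
the query instead of pasting it into a shell string.
"""
import os
import subprocess
from typing import Callable, List, Mapping, Optional
from urllib.parse import quote, urlsplit, urlunsplit

# Hard-coded endpoint of the kind the overview warns about (assumed format).
LEGACY_ENDPOINT = "http://192.168.199.100:8080"


def unsafe_command(query: str) -> str:
    """The risky pattern: user text dropped verbatim into a shell string.

    A query such as 'weather; cat ~/.ssh/id_rsa' is no longer one search
    argument; a shell running this string sees two commands.
    """
    return f"curl -s {LEGACY_ENDPOINT}/search?q={query}"


class EndpointPolicyError(ValueError):
    """Raised when the configured endpoint fails the transport policy."""


def resolve_endpoint(env: Optional[Mapping[str, str]] = None) -> str:
    """Read the endpoint from configuration and enforce the transport policy.

    Accepts HTTPS to any host, or plaintext HTTP only to loopback; a missing
    setting is an error rather than a fallback to a baked-in address.
    """
    env = os.environ if env is None else env
    endpoint = env.get("SEARCH_ENDPOINT")  # assumed variable name
    if not endpoint:
        raise EndpointPolicyError("SEARCH_ENDPOINT is not set; refusing a hard-coded default")
    parts = urlsplit(endpoint)
    host = parts.hostname or ""
    if parts.scheme == "https":
        return endpoint
    if parts.scheme == "http" and host in ("127.0.0.1", "::1", "localhost"):
        return endpoint  # loopback counts as a trusted local channel
    raise EndpointPolicyError(f"refusing plaintext HTTP to non-loopback host {host!r}")


def build_search_url(endpoint: str, query: str) -> str:
    """Percent-encode the query so shell and URL metacharacters become inert text."""
    parts = urlsplit(endpoint)
    path = parts.path.rstrip("/") + "/search"
    query_string = "q=" + quote(query, safe="")
    return urlunsplit((parts.scheme, parts.netloc, path, query_string, ""))


def build_command(url: str) -> List[str]:
    """argv list for subprocess: no shell is involved, so there is nothing to inject into."""
    return ["curl", "-sS", "--fail", "--max-time", "10", url]


def send_query(
    query: str,
    confirm: Callable[[str], bool],
    env: Optional[Mapping[str, str]] = None,
    runner: Callable[..., "subprocess.CompletedProcess"] = subprocess.run,
) -> Optional[str]:
    """Resolve, encode, show the user exactly what will be sent, then send.

    Returns the response body, or None if the user declined. `runner` is
    injectable so the flow can be exercised without network access.
    """
    url = build_search_url(resolve_endpoint(env), query)
    if not confirm(url):
        return None
    completed = runner(build_command(url), capture_output=True, text=True, check=True)
    return completed.stdout


if __name__ == "__main__":
    payload = "weather; cat ~/.ssh/id_rsa"  # constructed hostile query
    print("unsafe :", unsafe_command(payload))
    print("encoded:", build_search_url("https://search.example.internal", payload))
```

The confirm callback receives the fully built URL, so the user sees the exact host and encoded query before anything leaves the machine; with the legacy address in SEARCH_ENDPOINT the policy check fails before a request is even constructed.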

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 95%
The trigger phrases are extremely broad generic Chinese terms for searching, which can cause the skill to activate during ordinary conversation without clear user intent. Because the workflow sends extracted user text to a network service, accidental activation can leak prompts or sensitive content to an internal HTTP endpoint.

Missing User Warnings

Severity: Medium
Confidence: 98%

The skill silently transmits the user's query over plaintext HTTP to 192.168.199.100:8080, without warning or consent. This is a confidentiality and privacy risk: queries may contain sensitive data, and plaintext transport can be read or modified by anyone on the network path between the client and the endpoint.

VirusTotal

48/48 vendors flagged this skill as clean.
