Back to skill

Security audit

Google Search Serp

Security checks across malware telemetry and agentic risk

Overview

The skill extracts visible Google search results, but it also tells agents how to continue scraping through anti-bot blocks using stealth sessions, rotating proxies, CAPTCHA handling, and parallel sessions.

Install only if you are comfortable with a skill that can automate Google SERP collection and includes anti-bot workarounds. Prefer limiting use to pages you can access normally, avoid proxy or stealth retry guidance, and stop when CAPTCHA or blocking appears unless you have clear authorization and policy compliance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill goes beyond passive SERP extraction and provides operational guidance for avoiding anti-bot controls, using rotating proxies, manually solving CAPTCHAs, and scaling scraping across sessions. That materially enables continued access after service defenses intervene, which increases the likelihood of abusive automation and policy circumvention.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation explicitly normalizes stealth scraping infrastructure and anti-bot bypass tactics as part of routine operation. Even without exploit code in the markdown itself, this materially lowers the barrier to evading platform protections and repurposes the skill from extraction to circumvention.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The claimed safety boundary says the skill only reads data already shown to the user, but later instructions direct operators to alter network/browser infrastructure to evade blocking and continue collection. This contradiction is dangerous because it masks risky behavior behind benign framing, making misuse easier to justify and harder to review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.