Turing Baidu Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu search helper that sends user search queries to a Turing proxy and shows no hidden, destructive, or persistent behavior.

Install this only if you trust the Turing Baidu proxy and the configured API base. Use a limited API key where possible, avoid putting secrets or sensitive personal information in search queries, and treat returned web snippets as untrusted web content rather than instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill explicitly performs web searches through an external Turing/Baidu proxy, which is a network-capable action, yet the metadata shown does not declare any corresponding permission or capability disclosure. This can weaken platform trust boundaries and informed consent because users or orchestrators may not realize that invoking the skill sends data off-host to a third-party service.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The description says to use the skill for web search via the Turing Baidu proxy but does not clearly warn that user queries and associated metadata will be transmitted to an external service. This creates a privacy and data-handling risk, especially if users provide sensitive prompts or the agent sends context-rich search terms without explicit awareness or consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal