SearXNG Local

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SearXNG setup and search helper with disclosed commands; users should notice the persistent Docker service, network exposure, and unfiltered search setting.

Install only if you intend to run a local or self-hosted SearXNG service. Change the example secret key, consider pinning the Docker image, restrict access to port 8080 if the host is reachable by others, and raise safe_search if you do not want unfiltered results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The sample configuration explicitly sets `safe_search: 0`, which disables filtering of adult or otherwise unsafe search results, but the documentation does not warn users about that security/content-safety tradeoff. In a general-purpose search skill likely to be reused in varied environments, this can expose users or downstream agents to inappropriate or policy-violating content unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal