multi-search-engine

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only search helper; its main risk is that search terms go to third-party engines, which is expected for its purpose.

Install only if you are comfortable with the agent sending search terms to public search providers. Do not search for secrets, personal data, confidential project names, credentials, or regulated information, and use the advanced search operators only for legitimate authorized research.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documentation encourages sending arbitrary user-supplied queries directly to third-party search engines, but it does not clearly disclose that those queries will be transmitted to external providers. Users may enter sensitive terms such as internal project names, credentials, personal data, or investigative topics, causing unintended privacy leakage to search engines and related intermediaries.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal