Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Web Search By Searxng
Security checks across malware telemetry and agentic risk
Overview
This is a normal SearXNG web-search helper; the main thing to understand is that your searches go to the SearXNG server you choose.
Install only if you are comfortable sending search terms to the SearXNG instance you configure. Prefer a trusted or self-hosted HTTPS instance, avoid searching for secrets or confidential internal terms, and remember that selected upstream engines may also receive parts of the search activity.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)
Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- This markdown file describes making HTTP API requests to a custom or public SearXNG instance, including user queries and optional parameters, but it does not explicitly warn users that their queries will be sent to a third-party or self-hosted server. For markdown files, network behaviors that may affect user privacy should include a user-facing warning.
VirusTotal
66/66 vendors flagged this skill as clean.