Security audit

web-search

Security checks across malware telemetry and agentic risk

Overview

This is a user-run web search helper, but searches go to external providers and the browser automation uses stealth settings that users should understand first.

Install only if you are comfortable sending search terms to the selected external search providers. Do not use it for secrets, credentials, private customer data, regulated data, or confidential internal project names. Run it in a constrained environment where possible, and consider removing the stealth plugin or no-sandbox flags if site-policy compliance or browser containment matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: The lockfile includes `playwright-extra` and `puppeteer-extra-plugin-stealth`, which are specifically designed to evade bot detection and fingerprinting. For a skill whose stated purpose is ordinary web search across public search engines, anti-detection tooling is not necessary for core functionality and increases the risk that the browser automation can bypass site defenses, rate limits, or monitoring controls.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill intentionally enables a stealth/anti-bot evasion plugin to disguise browser automation. In the context of a search/news skill, this is unnecessary for normal operation and increases the risk that the tool is used to bypass website protections, evade detection, or access content under false pretenses, which expands both legal and abuse risk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends user-supplied search terms to third-party search engines and possibly fallback providers via a headless browser, but the description does not warn users that their queries leave the local environment. This creates a real privacy and data-handling risk, especially if users enter sensitive terms, internal project names, credentials, or regulated data into the search workflow.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script sends user-provided search terms directly to third-party search engines, which discloses potentially sensitive queries over the network to external services. In this skill's context, that is the core behavior, but the lack of an explicit warning or consent mechanism means users may unknowingly expose private, regulated, or proprietary information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.