Naver Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Naver search skill using SerpAPI, with routine API-key and query-privacy cautions but no hidden or harmful behavior found.

Install only if you are comfortable providing a SerpAPI key and sending search terms to SerpAPI/Naver. Avoid secrets, confidential internal terms, or personal data in queries, keep any `.env` file private, and consider pinning the `serpapi` dependency for reproducible installs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README instructs users to configure a SerpAPI key and send Naver search queries through an external service, but it does not disclose that user queries and related metadata will be transmitted to a third party. This can create privacy, compliance, and trust issues, especially if agents submit sensitive prompts, internal terms, or user-derived data without informed consent.

Unpinned Dependencies

Low

Category: Supply Chain
Content: serpapi
Confidence: 93% confidence
Finding: serpapi

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal