Back to skill

Security audit

SerpAPI Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SerpAPI search helper whose main risks are the expected use of a SerpAPI key and sending search queries to SerpAPI.

Install only if you are comfortable giving the skill access to a SerpAPI key and sending your search terms to SerpAPI. Prefer an environment variable or managed secret store over a plaintext config file, avoid sensitive queries, monitor SerpAPI usage or billing, and rotate the key if trust changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no explicit permissions, but its metadata and examples clearly indicate shell execution and outbound network access via curl/python3 to SerpAPI. This creates a real permission/transparency gap: users or policy systems may treat the skill as lower risk than it is, even though it can transmit user-supplied queries and API credentials to external services.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script accesses credentials from a skill-local .env file and a user config path even though the skill is described as a search utility, not as software that inspects local credential stores. In an agent setting, undeclared access to local files containing secrets expands the skill's effective privilege and can surprise users or orchestration layers that only expected outbound search behavior.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user query and API key to a third-party service over the network without any runtime disclosure, confirmation, or masking. In agent workflows, queries may contain sensitive user data, and combining that with silent exfiltration to an external API creates a privacy and data-handling risk even if HTTPS is used.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script silently pulls credentials from environment variables and local files without informing the user at execution time. While common in CLI tooling, in an agent skill this can lead to unexpected use of available secrets and reduce user awareness of what sensitive material the skill is authorized to consume.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.