Security audit

Bing CN Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Bing CN search helper with disclosed external search behavior and no evidence of hidden, destructive, or credential-seeking actions.

Install only if you are comfortable adding the listed npm tools and routing search queries through Bing CN. Avoid using it for secrets, credentials, private personal information, or confidential work topics, and consider narrowing the triggers if accidental searches would be a problem.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger set is broad and contains common conversational terms, which can cause the skill to activate when the user did not explicitly intend to perform a web search. In an agent setting, unintended activation can route user input to external tools and third-party services, creating privacy leakage and incorrect tool use risks.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The skill hardcodes use of Bing CN and does not offer user control over language or region, which can bias results and may send queries to an unintended locale-specific service. In some contexts this can expose user queries to a jurisdiction or content-filtering regime the user did not choose, affecting privacy and integrity of retrieved information.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
91% confidence
Finding
The trigger '新闻' is extremely short and likely to appear in normal conversation without a clear request to search. This increases the chance of accidental activation and unnecessary transmission of user text to an external search service.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger '最新' is too generic to reliably indicate search intent and may match many unrelated user requests. This can cause the agent to invoke external search unexpectedly, reducing user control and potentially exposing sensitive context.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
94% confidence
Finding
The trigger '搜索' is broad and may match discussion about searching rather than an actual command to perform a search. In tool-enabled agents, this ambiguity can lead to unintended network actions and disclosure of conversation content to the search backend.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '网上' is a common word that often appears in ordinary speech without implying a request to search. This makes accidental activation plausible and can cause unnecessary reliance on external content sources.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
87% confidence
Finding
The trigger '时事' is short and topic-based rather than action-based, so it can appear in discussion without a request to invoke the skill. That raises the risk of false activation and unneeded external queries.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
87% confidence
Finding
The trigger '热点' is generic and can refer to many non-search contexts, making unintended activation likely. While the impact is limited, it still introduces avoidable external calls and possible disclosure of user context.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
89% confidence
Finding
The trigger '热搜' is brief and may be mentioned conversationally without requesting the agent to search. This ambiguity can cause the skill to activate unexpectedly and send data to the configured search service.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.