Farseek

Security checks across malware telemetry and agentic risk

Overview

This is a narrow job-search API instruction skill; it sends user-entered job search details to Farseek, but shows no hidden code, persistence, credential use, or unrelated authority.

Install only if you are comfortable sending your skills, desired/current role, past titles, and location to Farseek. Avoid including resumes, confidential employer information, or sensitive personal details unless you trust the service and its privacy practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill documentation describes sending user job-search data to `https://farseek.ai/api/v1/search` and explicitly states that Claude is used to expand and rank inputs, but it does not warn users that their skills, role, titles, and location are transmitted to an external service and processed by AI systems. This creates a privacy and informed-consent issue because users may supply sensitive employment or career information without realizing it leaves the local agent environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal