Moonshot Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Moonshot web-search wrapper, but users should understand it sends queries to Moonshot and may have a search-result grounding bug.

Install this only if you intentionally want Moonshot to handle live web searches with your MOONSHOT_API_KEY. Avoid putting secrets or private data in search queries, review any persistent routing rule before adding it, and validate the answers against another source if citations or strict factual grounding matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 97%
Finding
The second round claims to feed search results back to the model, but actually sends the tool arguments as the tool output. This breaks tool-response integrity and can cause the model to generate answers as if a web search occurred when no actual search results were returned, enabling fabricated or misleading output and undermining any trust boundary around external retrieval.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill asks the agent to run a shell script that performs live web/network access, but the user-facing description does not clearly warn that execution will invoke local shell and outbound requests. This can lead to unsafe or non-transparent tool use in environments where users or operators expect a simple search action rather than code execution with network side effects.

VirusTotal

66/66 vendors flagged this skill as clean.
