Back to skill

Security audit

Research-engine

Security checks across malware telemetry and agentic risk

Overview

This research skill mostly does what it says, but it needs review because it encourages recurring external searches and writes local history/reports with limited controls.

Review before installing. Use it only for research topics you are comfortable sending to external services and storing on disk, avoid enabling cron or autonomous integrations without explicit limits, and prefer a controlled RESEARCH_DIR until filename sanitization and retention controls are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill persistently stores browsing history, including research topics and queries, to a local markdown file even though the stated purpose is research/report generation. This creates unnecessary retention of potentially sensitive user intent and investigative activity, increasing privacy and data exposure risk if the workspace is later accessed, synced, or exfiltrated.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automated external research and later describes scheduled searches, but the description does not clearly warn users that it may initiate network activity against external services automatically. In an agent environment, undisclosed outbound access and recurring searches can surprise operators, leak prompts or interests to third parties, and create policy, privacy, or cost issues.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation describes report generation and later states that outputs are saved to a fixed local directory, but it does not prominently warn users about automatic local persistence. Writing research results to a hard-coded path can expose sensitive queries, collected data, or generated plans to other local users/processes and may violate operator expectations about data retention.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill performs external searches and writes browsing history to disk without any user-facing disclosure about privacy, retention, or the fact that search topics and query metadata are being persisted. In a research tool, topics may be sensitive, so lack of notice and control makes the persistence behavior more dangerous and likely to violate user expectations.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill stores plain-language browsing history containing research topics, queries, source names, and timestamps, then exposes it through get_browsing_history(). This creates a straightforward data leakage path because sensitive investigative interests or proprietary research themes can be recovered from local files or via the accessor function without any access control or minimization.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.