Back to skill

Security audit

SerpAPI

Security checks across malware telemetry and agentic risk

Overview

This SerpAPI search helper appears purpose-aligned, but users should understand that searches and optional location context are sent to SerpAPI.

Install only if you are comfortable sending search terms and any provided or inferred location to SerpAPI. Prefer setting location explicitly for location-sensitive searches, avoid sensitive personal queries, and make sure SERPAPI_API_KEY is scoped/managed appropriately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly depends on environment variables, reads local configuration from TOOLS.md, and makes outbound network requests, yet no explicit permissions are declared. This weakens reviewability and consent because the runtime capabilities are broader than what a consumer of the skill can infer from permissions metadata.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill reads local workspace files and an environment-derived workspace path to infer a default location, which exceeds the stated search-only purpose and creates an unnecessary data-access channel. Even though it only extracts a specific pattern from TOOLS.md, this can expose sensitive user location context to subsequent outbound searches without explicit user awareness or consent.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description is extremely broad and maps to many common user intents such as web search, shopping, restaurants, images, and news. That increases the chance the skill is invoked by default for ordinary requests, causing unnecessary third-party data disclosure or unexpected tool use without a clear user expectation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to provide search queries and optionally precise locations, but does not warn that these inputs are transmitted to SerpAPI, an external third party. In practice this can expose sensitive interests, shopping intent, or location data without informed consent, and the local-search context makes the privacy risk more significant.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code sends user queries and optional location data to an external third-party API without any user-facing disclosure at the time of transmission. In a search tool this network use is expected, but the silent inclusion of inferred or supplied location increases privacy risk, especially when location may have been sourced automatically from local files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.