Back to plugin

Security audit

iFlow Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent iFlow web search plugin that sends searches and fetch URLs to iFlow as expected, with no evidence of hidden or destructive behavior.

Install this only if you are comfortable sending web search terms, image search terms, and requested fetch URLs to iFlow. Avoid using it for secrets, private/internal URLs, regulated data, or sensitive project names unless your organization approves iFlow for that data. Use a SecretRef or environment variable for the API key, and only set a custom base URL if it is a trusted proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill clearly sends user queries, fetched URLs, and retrieved page content to the external iFlow service, but the description does not prominently warn users about this third-party data disclosure. This can cause unintended transmission of sensitive prompts, URLs, or extracted content to an external provider, especially when users assume the tool behaves like a local or first-party capability.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill advertises a Chinese-first behavior without offering opt-in, opt-out, or a language-selection note, which can lead to unexpected routing of user research toward Chinese-language sources. While not a direct code-execution or injection flaw, it can affect user expectations, source selection, and downstream accuracy or policy compliance in contexts requiring language neutrality or explicit user choice.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/config.js:50
Evidence
const apiKey = [REDACTED](ws.apiKey) ?? readEnv(ENV_API_KEY);