Back to skill

Security audit

Ddg

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward guide for installing and using the ddgr DuckDuckGo terminal search tool, with ordinary cautions around package installation, opening results, and disabling safe search.

Install ddgr only from package sources you trust, prefer package-manager installation when possible, avoid putting secrets or sensitive personal information in search queries, be careful before opening search results in a browser, and use --unsafe only when you deliberately want safe search disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The documentation explicitly demonstrates `ddgr "query" --unsafe --np` without any adjacent warning that this disables safe search and may return explicit, adult, or otherwise unsafe content. In a terminal-oriented skill that may be reused in scripts, automation, or shared environments, this can lead to accidental exposure to inappropriate results or policy violations, even though it is not a code-execution issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.