Google SERP Maps Reviews API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a search/SERP integration that sends queries and its API key to the expected external API, with a disclosure gap users should understand.

Before installing, confirm you intend to use JustSerpAPI and understand that search terms and the configured API key will be sent to that third-party service. Avoid submitting private or regulated data as search queries unless the provider and account terms are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This code performs a network request to an external service and transmits both query parameters derived from user input and the supplied API key in headers. There is no confirmation prompt, user-facing log/print, or explanatory comment/docstring disclosing that data will be sent to a third-party endpoint.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal