web-search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search skill that sends search queries to SkillBoss API Hub and can optionally save results to a user-chosen file.

Install only if you trust SkillBoss/HeyBossAI with your search terms and API-key-backed usage. Do not search for secrets, credentials, private personal data, or confidential company material unless authorized, and use --output only for paths you intend to create or overwrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill clearly requires environment access for an API key, performs outbound network requests to a third-party service, and supports writing results to arbitrary files, yet no explicit permissions are declared. This creates a governance and transparency gap: hosts or users may invoke the skill without understanding its data access and exfiltration surface, increasing the risk of unintended external transmission or unsafe file writes.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The script accepts an arbitrary user-supplied output path and writes search results to it, including creating parent directories automatically. In an agent setting, this gives the skill local file write capability beyond its stated search purpose, which can overwrite files, plant content in sensitive locations, or be abused for persistence or workspace tampering.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding: The implementation persists data to the local filesystem even though the skill is described as a search-and-return tool. This mismatch increases risk in agent environments because users or orchestrators may not expect the skill to modify local state, making abuse or accidental overwrites more likely.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The activation language is very broad and can match many generic requests for information, research, fact-checking, or finding resources. Over-broad routing increases the chance the skill is invoked in contexts where users did not intend to send prompts externally, which can lead to unnecessary data exposure and unexpected tool use.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The documentation states that queries are sent to SkillBoss API Hub but does not prominently warn that user-supplied search terms and possibly derived metadata will be transmitted to an external service. In a research or fact-checking workflow, users may include sensitive, proprietary, or personal information in queries, causing unintended third-party disclosure.

VirusTotal

67/67 vendors flagged this skill as clean.
