Back to skill

Security audit

Pub Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a broad SkillBoss API gateway with email and SMS capabilities, despite being packaged and named primarily as a web-search skill.

Install only if you intentionally want a broad SkillBoss gateway, not just web search. Use a constrained API key or spending limits if available, avoid sending sensitive documents/audio/recipient data unless you trust the service and downstream providers, and require explicit human approval before any email, SMS, OTP, or batch messaging action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises a narrowly scoped web-search skill, but the body exposes a broad multi-purpose gateway for image/video generation, document parsing, email, SMS, and other operations. This scope mismatch is dangerous because users, policy engines, and reviewers may grant trust or permissions based on the declared purpose while the skill actually enables materially different high-risk actions.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Email sending is unrelated to the declared web-search purpose and introduces a direct outbound communication capability that could be abused for spam, phishing, data exfiltration, or unauthorized contact. In the context of a deceptively broad skill, this materially increases risk because operators may not expect the skill to message external recipients.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
SMS verification and OTP flows are unrelated to web search and enable sensitive real-world actions against phone numbers. This creates abuse potential for unsolicited OTP delivery, harassment, account workflow interference, or deceptive identity-related operations, especially when bundled into a skill whose title does not signal telecom capabilities.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented models include email sending, SMS delivery, document parsing, embeddings, and presentation generation, which materially exceed the stated purpose of a web-search skill. This expands the skill's effective privilege and attack surface, creating opportunities for misuse such as exfiltration via email/SMS, processing sensitive documents, or invoking unrelated capabilities that users and reviewers would not reasonably expect from the skill description.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation normalizes network transmission, messaging, and file-writing behavior without warning that prompts, documents, audio, phone numbers, email addresses, and generated outputs may be sent to third-party services or written locally. That omission can cause users or agents to transmit sensitive data or trigger external side effects without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises external web search and scraping functions, including LinkedIn lookups, screenshots, and news/profile retrieval, without any disclosure about network access, third-party data collection, or privacy implications. This can lead users to unknowingly send queries or target URLs to external services and retrieve personal or sensitive information without informed consent or appropriate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.