Security audit

KokoChat Search

Security checks across malware telemetry and agentic risk

Overview

This is a small web-search wrapper that sends search queries to KokoChat's hosted search endpoint, with that behavior clearly disclosed.

Install this only if you are comfortable sending your search terms to KokoChat's deeply.plus hosted search service. Consider narrowing or disabling the generic triggers if you want search requests to require an explicit KokoChat invocation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrase "search the web" is broad and likely to overlap with many ordinary user requests, so this skill may activate when a user did not specifically intend to use this hosted third-party search proxy. In this context, unintended activation can leak user queries to the remote KokoChat/deeply.plus service and alter agent behavior without clear user consent.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The Chinese triggers "搜一下" and "联网查" are highly generic and can match common conversational requests, increasing the chance of accidental activation. Because this skill sends search terms to an external hosted API, vague triggers raise privacy and consent concerns and may cause the agent to use this tool more often than the user expects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.