Baidu Web Search

Security checks across malware telemetry and agentic risk

Overview

The skill’s news-podcast purpose is coherent, but it uses local API keys and external services with some broad automatic routing that users should review before installing.

Install only if you are comfortable with your news topics, generated scripts, and configured API credentials being used with external search, model, image, and TTS services. Review the provider configuration first, avoid confidential topics, and prefer pinned dependency versions before running it in a sensitive environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The function sends the user's search query and the Baidu API key to a third-party service over the network, but the code provides no disclosure, consent flow, or minimization of potentially sensitive input. In an agent skill context, users may unknowingly submit private prompts, and the API key is also exposed to the external provider as part of normal request processing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory: CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
76% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.
