Security audit

Auto Search using Google Baidu

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google/Baidu web-search helper; its external queries and API-key use fit its purpose, with some privacy and dependency hygiene caveats.

Install only if you are comfortable sending search terms to Google or Baidu under the API keys you configure. Avoid searching for secrets or confidential data, use limited-scope or quota-limited provider keys, and consider pinning dependencies or installing in an isolated environment for sensitive use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README promotes automatic querying of Google and Baidu but does not disclose that user-entered search terms will be sent to external third-party providers. This creates a real privacy and consent issue, especially because search terms may contain sensitive personal, corporate, or regulated data and are routed to different providers depending on content.

Natural-Language Policy Violations

Severity: Medium
Confidence: 82%
Finding
The skill description states that engine selection is performed automatically based on query language, with Chinese queries routed to Baidu and others to Google, but no user opt-in or preference control is described. This can misroute sensitive queries across jurisdictions or to providers a user would not choose, creating a privacy and policy risk tied to language-based routing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill documentation describes sending user queries to Google and/or Baidu but does not clearly warn that search terms are transmitted to third-party providers and may be logged, profiled, or processed under those providers' policies. Because search queries can contain sensitive personal, corporate, or regulated information, the lack of an explicit privacy warning can cause unintended data disclosure by users or downstream agents.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The documented behavior automatically routes queries to Google or Baidu based on language/content without requiring user opt-in, which can silently disclose user input to a provider they did not choose. This is especially sensitive because language-based routing may reveal nationality, language preference, or topic context and may direct data into different legal jurisdictions and surveillance regimes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The code sends user search queries directly to Google over the network, which discloses potentially sensitive user input to a third-party provider without any explicit consent flow or warning in this skill. In an agent setting, users may reasonably assume local processing, so silent transmission of prompts, names, identifiers, or proprietary terms creates a real privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The Baidu search path transmits user queries to an external third party without an explicit warning or opt-in, creating a privacy disclosure issue similar to the Google path. This is somewhat more sensitive in context because the code automatically routes Chinese- or China-related queries toward Baidu, potentially sending user input to a provider in a different jurisdiction without the user realizing it.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding
The skill automatically classifies queries by language/China-related keywords and routes them to different providers without user opt-in, removing meaningful user control over where their data is sent. This increases privacy risk because routing decisions are based on query content itself, and users may not expect politically, geographically, or linguistically inferred data to determine third-party disclosure.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence: 95%
Finding
requests>=2.28.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
requests>=2.28.0
python-dotenv>=1.0.0
Confidence: 93%
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 98%
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Severity: Low
Category: Supply Chain
Confidence: 72%
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.