Security audit

opencli-smart-search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a web/search routing skill that may send queries to different public sites, but the supplied evidence does not show malicious or deceptive behavior.

Install only if you are comfortable with a search helper deciding which external site or provider to query. For sensitive searches, explicitly name the site you want used or ask the agent not to use external search routing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Low
Confidence: 97%
Finding: The v2ex section instructs users to run `opencli linux-do` instead of the expected v2ex command, creating a source-routing mismatch. This can misdirect searches to the wrong service, causing incorrect data retrieval, user confusion, and potentially unintended disclosure of queries to an unrelated source.

Vague Triggers

Severity: High
Confidence: 95%
Finding: The skill description is extremely broad and mandates use whenever a user wants to search, query, find, or research information, which overlaps with a large portion of ordinary assistant interactions. This can cause the skill to trigger unnecessarily, expanding data exposure to external tools and websites without clear user intent or need, and increasing the chance of privacy leakage or unwanted third-party routing.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding: The skill instructs the agent to automatically choose a specific AI source based on language and context when the user has not specified a site. This creates implicit routing by language/region without explicit consent, which may send user queries to different external providers with different privacy, retention, or jurisdictional properties.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The routing guidance is broad enough that many generic requests, such as finding videos, reviews, podcasts, or articles, could trigger this skill even when a more appropriate or user-specified source should be used. In an agentic system, ambiguous routing can cause over-collection from unintended sites, reduce user control, and make downstream actions rely on irrelevant or lower-trust sources.

Natural-Language Policy Violations

Severity: Medium
Confidence: 78%
Finding: The site recommendations tie content selection to language assumptions, such as directing Chinese content to bilibili or English content to YouTube, without presenting this as a default or asking the user for preference. This can bias results, suppress relevant alternatives, and route queries to unintended platforms based on inferred locale rather than explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.