Security audit

Browser Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser-based search skill that sends user queries to public search engines and can save results, with normal privacy and dependency cautions.

Install only if you are comfortable adding Playwright/Chromium and sending search terms to public search engines. Do not use it for confidential searches, and review any requested output path before saving results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill advertises network access and file output behavior but does not declare permissions, which creates a mismatch between documented capabilities and the platform's security model. Undeclared file_write and network capabilities can lead to users or orchestration layers invoking the skill without proper consent, policy checks, or sandboxing assumptions.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are generic everyday language such as '搜索...' and '帮我找...', making accidental invocation likely during normal conversation. In a skill with browser/network access and file output, broad triggers increase the chance of unintended web activity, data retrieval, or file creation without the user meaning to call this specific tool.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal