Security audit

Multi Search Engine Litiao

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only search helper that appears coherent, but users should avoid putting private information into search queries.

Install only if you are comfortable using it as a public-web search guide. Do not include passwords, tokens, customer data, internal URLs, private project names, or confidential research terms in queries. Use advanced search examples involving passwords, admin pages, cached pages, or financial topics only for authorized research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill prominently encourages `web_fetch` calls to multiple third-party search engines but does not warn users that their queries, operators, and potentially sensitive research terms will be transmitted to external services. In an agent setting, this can cause unintended disclosure of proprietary, personal, or confidential information, especially because the examples normalize direct outbound requests across many providers.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.