Back to skill

Security audit

Searxng Backup

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SearXNG search skill, but users should trust the configured search server because queries are sent there and TLS verification is disabled.

Install this only if you intend to use SearXNG through a server you trust. Prefer a local or self-hosted instance, avoid sensitive searches on public instances, and enable certificate verification before relying on a remote HTTPS endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Tainted flow: 'SEARXNG_URL' from os.getenv (line 23, credential/environment) → httpx.get (network output)

Critical
Category
Data Flow
Content
try:
        # Disable SSL verification for local self-signed certs
        response = httpx.get(
            f"{SEARXNG_URL}/search",
            params=params,
            timeout=30,
Confidence
94% confidence
Finding
response = httpx.get( f"{SEARXNG_URL}/search", params=params, timeout=30, verify=False # For local self-signed certs )

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The checklist explicitly marks the skill as publication-ready while acknowledging that SSL verification is disabled by design. This normalizes an insecure transport configuration and may cause users or reviewers to trust network responses from a SearXNG instance without protection against man-in-the-middle attacks, especially outside a tightly controlled local environment.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The file notes that SSL verification is disabled but does not pair that statement with a strong user-facing warning in the publication-readiness assessment. This can mislead adopters into deploying the skill in broader environments without understanding that HTTPS authenticity checks are not being enforced.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README encourages use of public SearXNG instances without clearly warning that search queries may be disclosed to an untrusted third party. In the context of a privacy-branded search skill, this omission is more dangerous because users may assume their searches remain private when they may instead be logged or inspected by the public instance operator, especially when combined with the documented lax TLS posture.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad, natural-language expressions that are likely to occur in ordinary conversation, increasing the chance of accidental invocation. Because the skill performs network-backed searches, unintended activation could leak user prompts or context-derived queries to the configured SearXNG instance without the user explicitly intending to use this skill.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill sends raw user search terms over the network to the configured SearXNG instance without any explicit warning or confirmation. Because search queries often contain sensitive research, credentials, personal data, or internal topics, silent transmission can create a privacy leak, especially when the endpoint is remotely configured via environment variable.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
1. **Check your SearXNG instance is running:**
   ```bash
   curl -k $SEARXNG_URL
   # Or: curl -k http://localhost:8080 (default)
   ```
Confidence
96% confidence
Finding
curl -k $SEARXNG_URL # Or: curl -k

Unsafe Defaults

Medium
Category
Tool Misuse
Content
## SSL/TLS Notes

The skill is configured to work with self-signed certificates (common for local SearXNG instances). If you need strict SSL verification, edit the script and change `verify=False` to `verify=True` in the httpx request.

## Troubleshooting
Confidence
98% confidence
Finding
verify=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.