Google Search (Serper.dev)

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Serper.dev Google Search wrapper with disclosed API-key use and no evidence of hidden persistence, destructive behavior, or unrelated data access.

Install this only if you intend your agent to use Serper.dev for Google-backed search. Use a dedicated Serper API key, monitor credit usage, and avoid searching for secrets, personal data, regulated information, or confidential business topics unless you are comfortable sending those queries to Serper.dev and Google-backed search infrastructure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill documentation instructs use of environment variables and outbound network access but does not declare corresponding permissions. This creates a transparency and governance gap: users or orchestration systems may invoke a skill with capabilities they did not explicitly approve, increasing the chance of unintended secret exposure or unauthorized external requests.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly promotes sending arbitrary search queries to Serper.dev, which forwards them to Google, but it does not warn that user prompts or search terms will leave the local agent environment and be transmitted to a third party. In an agent context, users may ask the skill to search with sensitive terms, internal project names, credentials, or personal data, so the missing disclosure can lead to unintended privacy and data-handling exposure.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description encourages activation for a very wide range of common search-related requests, without clear routing boundaries or disambiguation rules. Overbroad invocation can cause the agent to send user queries to an external third-party search provider when a local or different approved tool would be more appropriate, creating privacy, policy, and cost risks.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The phrase "Use this skill for any Google search request" is an overly broad activation rule that can trigger this external networked skill for nearly all search-like prompts. In context, this increases the likelihood of unnecessary third-party data disclosure, excessive API usage, and bypass of more constrained or privacy-preserving tools.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill sends the user's search query to the external Serper.dev service via `query(type, params)` without any disclosure or consent mechanism in this script. Search queries often contain sensitive personal, medical, financial, or proprietary information, so silent transmission to a third party can create a privacy leak and compliance risk even if the network behavior is expected for functionality.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal