ai-embedding-search

Security checks across malware telemetry and agentic risk

Overview

This skill is not proven harmful, but it should be reviewed because a narrow embedding-search package also enables a broad third-party, pay-as-you-go API gateway through one key.

Install only if you intend to use SkillBoss as a broad third-party API gateway, not just a narrow embedding-search helper. Inspect the remote setup guide before letting an agent follow it, use a restricted or low-limit API key if available, set billing alerts, and avoid sending sensitive prompts or documents unless SkillBoss's privacy and retention terms meet your requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch (Medium, 92% confidence)

The skill is marketed as a narrowly scoped embedding-search tool, but the body expands it into a broad API gateway for hundreds of unrelated capabilities. This scope mismatch can cause overbroad activation, unexpected third-party data routing, and misuse of capabilities the user did not intend to enable.

Context-Inappropriate Capability (Medium, 93% confidence)

Advertising social data, scraping, video, image, audio, and email from within an embedding-search skill materially broadens the operational scope beyond user expectation. In an agent setting, this increases the chance of unintended invocation of higher-risk external services and data transfer to a third-party aggregator.

Intent-Code Divergence (Medium, 90% confidence)

The Quick Test claims to demonstrate embedding search, but it calls a chat completions endpoint using messages instead of an embeddings operation. This misleading example can cause agents or users to send arbitrary conversational content to an external service under the false assumption that they are only performing embeddings.

Vague Triggers (Medium, 86% confidence)

The trigger guidance is broad and imperative ('USE THIS') without meaningful constraints, which can lead an agent to over-select the skill in situations where a narrower or local option would be safer. Overbroad routing is risky here because the skill fronts many external APIs and encourages remote processing.

Vague Triggers (Medium, 88% confidence)

The listed usage conditions extend beyond embedding search into generic multi-provider AI application support and API-key consolidation. This ambiguity weakens least-privilege behavior in an agent and can cause the skill to be selected for unrelated tasks that involve unnecessary external data disclosure.

Missing User Warnings (Medium, 94% confidence)

The setup and test instructions route requests and API credentials to an external third-party service, but the documentation does not clearly warn users that their prompts or content will leave the local environment. In an agent context, missing disclosure increases the risk of accidental transmission of sensitive or regulated data.

VirusTotal

66/66 vendors flagged this skill as clean.