Querit Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Querit web-search skill that sends user search requests to Querit's API using a required API key.

Install only if you are comfortable providing a Querit API key and sending search terms, filters, and related request data to Querit. Avoid including secrets, private documents, or sensitive personal information in queries unless sharing that information with Querit is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger conditions are broad enough to activate on many ordinary requests for facts, news, or current information, which increases the chance that user prompts are routed to this external-search skill without clear user intent. In context, that means potentially sensitive or unnecessary user queries could be sent to a third-party API more often than expected.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The description and notes explain setup but do not clearly warn that user queries will be transmitted to Querit, a third-party service. This creates a privacy and consent risk because users may assume the request is handled locally when in reality their search terms are disclosed externally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal