DashScope Web Search

Security checks across malware telemetry and agentic risk

Overview

This looks like a real web-search skill, but its broad auto-use guidance and weak third-party data disclosure make it worth reviewing before installation.

Install only if you are comfortable with search queries being sent to DashScope/Qwen under your API key. Avoid using it for secrets, credentials, private customer data, regulated data, or internal documents unless the query is redacted and you have explicit approval. The publisher should narrow activation rules and add clear privacy and credential-scope disclosures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill explicitly references use of an environment variable (`DASHSCOPE_API_KEY`) and instructs troubleshooting around process environment access, but the metadata does not declare permissions for environment access. This creates a capability/permission mismatch that can bypass operator expectations and weakens reviewability of what sensitive data the skill may touch.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The README states the agent will 'automatically use this skill' for a wide range of prompts, including broad factual questions and proactive activation. In a skill that sends user queries to an external search/API provider, vague auto-trigger criteria can cause unintended data disclosure or unnecessary external calls when the user did not explicitly consent to web access.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README describes a real-time web search capability powered by DashScope Qwen API but does not clearly warn that user prompts and possibly related metadata will be transmitted to a third-party external service. This creates a privacy and compliance risk because users or operators may unknowingly expose sensitive queries, internal data, or regulated information.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The activation guidance is extremely broad, including common phrases like 'search', 'look up', 'find out', and many factual queries, which can cause the skill to trigger for ordinary conversations and send user content to an external service more often than intended. In a web-search skill, over-broad invocation is especially risky because it can expand data exposure and reduce meaningful user consent for external transmission.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill sends user queries to the DashScope Qwen API, but the markdown does not provide a clear user-facing warning that prompts may leave the local environment and be processed by a third party. This is a privacy and transparency issue, and it becomes more significant here because the skill is designed to activate proactively on broad classes of user requests.

VirusTotal

65/65 vendors flagged this skill as clean.