Oxylabs Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Oxylabs web search and page-reading wrapper, with normal third-party API and API-key use for that purpose.

Install only if you are comfortable sending search queries, target URLs, and the Oxylabs API key to Oxylabs AI Studio. Do not use it for secrets, private internal links, regulated personal data, or authenticated content unless you have explicit authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The activation guidance is very broad, telling the agent to use this skill whenever a user wants to 'look something up,' get 'current information,' gather sources, or fetch page content. Over-broad routing increases the chance the agent sends user prompts, sensitive URLs, or context to this third-party service when a narrower or local capability would be safer.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description promotes search and scraping through Oxylabs AI Studio but does not clearly warn that user queries and supplied URLs are transmitted to a third-party service. This omission can lead to privacy, confidentiality, and compliance issues if users or agents unknowingly send sensitive inputs, internal links, or regulated data externally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal