Multi Search Engine 2

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only search helper that behaves as described, but users should avoid sensitive search terms.

Install only if you want the agent to construct searches across public search engines. Do not enter passwords, tokens, confidential project names, customer data, regulated data, or unauthorized target queries, because search providers may receive and retain those queries.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs users to send search queries to multiple third-party search engines, but it does not disclose that the user's input will be transmitted to external services with their own logging, tracking, and jurisdictional policies. This creates a privacy risk because users may enter sensitive terms, credentials, internal project names, or regulated data without understanding that the queries leave the local agent environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal