Back to skill

Security audit

Parallel 1.0.1

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide the advertised Parallel.ai search/research features, but it silently includes a default API key that creates an unclear third-party account and billing boundary.

Review before installing. Use your own `PARALLEL_API_KEY`, do not rely on the bundled key, and avoid sending secrets, regulated data, or proprietary research queries unless you are comfortable transmitting them to Parallel.ai. Consider pinning or verifying the Python dependency before setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation demonstrates shell execution and use of environment-backed secrets/API access, but no permissions are declared to signal those capabilities. This creates a transparency and governance gap: an agent or reviewer may invoke the skill without understanding that it can run commands and consume external services with credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The documented purpose is simple web research, but the finding indicates additional behaviors such as use of a hardcoded API key, querying arbitrary run status by run_id, and undisclosed specialized workflows. Hidden or under-disclosed capabilities are dangerous because they can enable unauthorized access to paid resources, leak operational data, or let users invoke behaviors they did not consent to.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script embeds a default API key directly in the source, which is a real credential-handling flaw. Anyone with access to the skill can reuse the key to access the third-party service, causing unauthorized usage, billing abuse, and potential attribution of activity to the skill author or operator.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script embeds a usable fallback API key directly in source code, which exposes a credential to anyone who can read the file and can enable unauthorized use of the Parallel.ai account. In an agent skill that performs networked search, this is especially dangerous because the key is immediately exercised in live API calls and may also be copied into logs, forks, or downstream distributions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger term 'research' is very broad and likely to match many unrelated user requests, causing accidental activation of this skill. In a skill that can execute shell commands and access an external paid API, unintended activation increases the chance of unnecessary external calls, cost incurrence, and data being sent to third-party services without clear intent.

Missing User Warnings

High
Confidence
99% confidence
Finding
Using a hardcoded default API key without explicit disclosure means users may unknowingly operate with someone else's embedded credential. In an agent skill context, this is especially risky because the credential is silently exercised during normal use and can mask unauthorized third-party access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-supplied research queries to a remote API, but the command flow does not prominently warn that inputs are leaving the local environment. In a research skill this transmission is expected, but lack of disclosure can still expose sensitive prompts, company data, or personal information users may assume stays local.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.