baidu-scholar-search

Security checks across malware telemetry and agentic risk

Overview

This is a small academic-search wrapper that openly sends search terms to a SkillBoss/HeyBossAI API with a user-provided key, with no evidence of hidden persistence or local data harvesting.

Install only if you are comfortable sending literature search terms to SkillBoss/HeyBossAI with your SKILLBOSS_API_KEY. Use a scoped or revocable key where possible, and avoid sensitive or proprietary queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill presents itself as a Baidu Scholar search tool, but actually sends user queries to a generic third-party endpoint at api.heybossai.com rather than an identifiable academic source. This mismatch can mislead users about where their research queries are going, weakening informed consent and creating unnecessary data exposure to an intermediary service.

Missing User Warnings

Low
Confidence: 90%
Finding
The skill documentation and examples show that user search terms and a bearer-authenticated request are sent to a third-party service, but there is no explicit privacy or security warning to the user. In a research-search context, queries may contain sensitive topics, proprietary project names, or personal data, so silent transmission creates avoidable privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
