Multi Search Engine Local

Security checks across malware telemetry and agentic risk

Overview

This is mostly a search-template skill, but its guide includes risky examples for finding passwords or admin pages, so it should be reviewed before installation.

Install only if you are comfortable reviewing and constraining how the agent uses advanced search operators. Avoid using it for credential discovery, admin endpoint hunting, recovering withdrawn sensitive content, or submitting secrets and confidential queries to external search engines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 83% confidence
Finding: The Startpage section promotes anonymous/proxy viewing of third-party results, which expands the skill from search into proxy access. That can help users reach content indirectly, obscure attribution, and bypass normal access patterns or network controls, making the skill context more dangerous than a simple search reference.

Ssd 2

Medium

Confidence: 93% confidence
Finding: Examples like inurl:login admin, intitle:"index of", and intext:password filetype:txt are classic reconnaissance patterns used to discover exposed admin portals, directory listings, and credential-containing files. In a search-integration skill, embedding these examples operationalizes sensitive discovery techniques and lowers the barrier to misuse.

Ssd 4

Medium

Confidence: 84% confidence
Finding: The guide introduces progressively stronger search operators culminating in sensitive-discovery examples, which creates a practical reconnaissance workflow rather than neutral documentation. In this skill context, that progression makes harmful use easier because it teaches how to refine searches toward exposed assets and credentials.

Ssd 2

Low

Confidence: 78% confidence
Finding: The cache example explicitly frames cached-page retrieval as a way to view deleted content, which can encourage attempts to access information the publisher intended to remove. Although lower impact than credential-search examples, it still nudges users toward recovering previously inaccessible material.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal