Back to skill

Security audit

Privacy-first web search with DuckDuckGo-style bangs (!w, !yt, !gh)

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SearXNG web-search helper, with the main caution that searches go to whichever SearXNG server the user configures.

Install only if you intend to use and trust a SearXNG endpoint. For best privacy, self-host it or choose a reputable HTTPS instance, avoid sensitive queries on unknown public instances, and consider pinning the Docker image version or digest for reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'req' from os.environ.get (line 122, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(url, headers=headers)
        
        with urllib.request.urlopen(req, timeout=15) as response:
            html = response.read().decode('utf-8')
            
            # Parse HTML
Confidence
95% confidence
Finding
with urllib.request.urlopen(req, timeout=15) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities that use environment variables and outbound network access, but no declared permissions are present. This creates a permission transparency gap: consumers may invoke a skill that can contact arbitrary SearXNG instances and read configuration from the environment without an explicit trust boundary being declared.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README encourages use of self-hosted or public SearXNG instances without clearly warning that user queries may be sent to that instance and then relayed to multiple external search engines. For privacy-sensitive use cases, this can mislead users into disclosing sensitive prompts, credentials, internal project names, or other confidential data under the assumption that the search path is fully private.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation emphasizes privacy protections but does not clearly warn that queries can be sent to a custom or public SearXNG instance and then forwarded to upstream search engines. Users may incorrectly assume searches stay local or private, causing accidental disclosure of sensitive queries to third-party infrastructure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.