Multi Search CN

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Chinese search helper, but its default mode sends the search terms to DuckDuckGo.

Install this if you want a lightweight search helper for Chinese web results. Avoid entering confidential or sensitive search terms in the default mode because they are sent to DuckDuckGo; use --urls-only when you only want local generation of search-engine links.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises and instructs use of a script that performs live web searches, but the manifest content shown does not declare corresponding network permissions. Undeclared network capability is dangerous because it reduces transparency and undermines least-privilege review: an agent or reviewer may treat the skill as lower risk than it actually is while it can still transmit user queries to external search engines.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal