Chaining Abuse
High
- Category
- Tool Misuse
- Content
```bash # 安装 Ollama curl -fsSL https://ollama.com/install.sh | sh # 拉取嵌入模型 ollama pull nomic-embed-text
- Confidence
- 97% confidence
- Finding
- | sh
Augmented Search
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed search helper skill whose main risks are normal setup and privacy considerations for a web-search service.
Install only if you trust the referenced Docker images, npm package, and optional Ollama installer. Prefer pinned versions, avoid piping remote scripts directly into a shell, keep the HTTP service bound to localhost or protected by a firewall, and do not send secrets, confidential prompts, or internal-only URLs through the search/read tools.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.