Back to skill

Security audit

Google Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google search integration that uses a user-provided Google API key and sends search queries to Google as expected.

Install this only if you want agent searches routed through Google/Gemini. Use a restricted Google API key, avoid putting private information in search queries, monitor Google quota or billing, review the Hebrew/Israel locale defaults, and consider installing dependencies in an isolated Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares only `allowed-tools: [exec]`, but its documented behavior clearly depends on environment variables and outbound network access to Google APIs. This creates a permission/transparency gap: users or policy engines may approve the skill without realizing it can read secrets from the environment and transmit user queries to external services. In a search skill, network use is expected, but undeclared capability use is still a real security and governance issue because it weakens informed consent and policy enforcement.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.