Ddg 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DuckDuckGo terminal-search helper, with normal web-search privacy and install-source cautions.

Install ddgr only from a package source or repository you trust, especially when using sudo or source-install commands. Treat every search query as information sent to a web service, and avoid searching for passwords, tokens, private documents, or other secrets; bangs and automatic browser opening may contact additional sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 95%
Finding
The skill instructs users to perform DuckDuckGo searches and optionally open results in a browser, but it does not clearly warn that queries and metadata are sent to external network services. In a privacy-focused tool, omitting this disclosure can mislead users about the exposure of sensitive search terms, especially when using bangs or browser-opening features that may contact additional third parties.

VirusTotal

64/64 vendors flagged this skill as clean.
