Back to skill

Security audit

Multi-Engine Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-search skill, but it can silently run a sibling Tavily helper outside the reviewed package and does not clearly warn users that search queries leave their environment.

Review the sibling Tavily helper before installing or using this skill. Use a scoped Tavily API key, avoid searching secrets or sensitive personal/business data, and only enable browser-based engines if you trust the installed agent-browser tool and are comfortable sending queries to the selected search provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs execution of a Python script, use of environment variables, browser access, and direct shell commands, yet it declares no permissions or trust boundaries. This creates a transparency and policy-enforcement gap: users and the hosting agent may invoke capabilities involving network access, local file reads (for env/config), and shell execution without explicit disclosure or gating.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad phrases such as "search", "look up", "google it", and common Chinese equivalents, which are likely to match many ordinary user requests. Overbroad activation can cause the agent to invoke external web search unexpectedly, increasing the chance of unnecessary data disclosure to third-party services and unintended tool use.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill describes multiple external search paths, including Tavily and browser-based engines, but does not prominently warn that user queries will be transmitted to third-party services and may be exposed through browser automation. In a search skill, this context makes the omission materially important because the primary function is to forward user-provided content off-system.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends the user's raw search query to Tavily over the network, but the code provides no explicit user-facing disclosure or consent gate before transmitting potentially sensitive prompts. In an agent context, users may assume local handling, so this can leak confidential data, secrets, internal project names, or personal information to a third party.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The browser-based search path transmits user queries to third-party search engines such as Google and Baidu without any explicit warning or confirmation. In a research skill, that behavior is expected functionally, but it is still security-relevant because user prompts may contain sensitive information that should not be disclosed externally by default.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.