Back to skill

Security audit

ncbi-search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward NCBI/PubMed search helper with some privacy caveats around local caching and API-key handling.

Install only if you are comfortable sending biomedical search terms to NCBI and storing returned results locally. For sensitive searches or shared machines, set NCBI_NO_CACHE=1 or clear .ncbi_cache/cache.db after use, and use NCBI_API_KEY rather than passing --api-key on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that all NCBI API responses are automatically persisted to a local SQLite cache, but it does not clearly warn users that their search terms and fetched biomedical results may be stored on disk. In an agent-skill context, queries can contain sensitive research topics, disease interests, genetic variant lookups, or other confidential workflow data, so silent persistence can expose privacy-sensitive history to other local users, backups, or later exfiltration by unrelated malware.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that all HTTP responses are persistently cached in `.ncbi_cache/cache.db`, but it does not warn users that potentially sensitive queries, returned records, and metadata may remain on disk for 24 hours or longer. On shared systems or sensitive biomedical workflows, this can expose research interests, identifiers, or other data to later users or processes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends passing the API key directly on the command line with `--api-key`, but does not warn that command-line arguments may be exposed through shell history, process listings, logs, or telemetry. This can lead to credential leakage and unauthorized use of the NCBI API key.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.