add.tools

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for querying add.tools, with disclosed external search and feedback requests but no hidden code, credentials, persistence, or privileged access.

Install/use this only if you are comfortable sending tool-search queries and optional feedback to add.tools. Review any recommended tools, MCP servers, pricing, and permissions independently before connecting them or making payments.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash # JSON response for agents curl -H "Accept: application/json" "https://add.tools/search?q=send+email" # With explicit format param curl "https://add.tools/search?q=weather+forecast&format=json"
Confidence: 88% confidence
Finding: curl -H "Accept: application/json" "https://add.tools/search?q=send+email" # With explicit format param curl "https://add.tools/search?q=weather+forecast&format=json" ``` ### Report feedback ```bas

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal