Bohrium Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Bohrium web-search helper; its main risk is that search terms and an access key are sent to an external service.

Install if you want Bohrium-backed web search. Store the access key as a secret, avoid placing it in prompts or logs, and do not search for secrets, internal URLs, personal data, regulated data, or confidential research terms unless you intend to send that query to the external search service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill sends user-provided search queries to an external internet search service through Bohrium's proxy and requires an access key, but the documentation does not clearly warn that prompts may leave the local environment and be processed by a third-party-backed provider. This creates a real privacy and data-handling risk if users submit sensitive queries, credentials, internal project names, or regulated data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal