Naver news Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Naver News search helper, with the main consideration being that it sends search terms to Naver using user-provided API credentials.

Install if you are comfortable giving the agent Naver developer credentials and sending your news search queries to Naver. Use a dedicated Naver application key where possible, keep the secret in environment configuration rather than source files or prompts, and be aware that automated summaries or cron use can consume API quota.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 72% confidence
Finding: The documentation instructs users to configure API credentials and send external queries, but it does not prominently warn that user queries and authentication material are involved in network transmission. In a skill that uses third-party APIs, lack of disclosure can lead to unsafe handling of sensitive searches or misconfigured secret storage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal