Back to skill

Security audit

Local web search using SearXNG

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SearXNG web-search skill that sends search queries to the user-configured search server and shows no hidden or destructive behavior.

Install this only if you are comfortable sending search terms to the SearXNG instance configured in SEARXNG_URL. Prefer HTTPS, use an instance you trust, and avoid searching for secrets, credentials, or highly sensitive private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes a Python script that depends on an environment variable and performs outbound web searches, yet the manifest does not explicitly declare those capabilities as permissions. This creates a transparency and policy-enforcement gap: users or orchestration systems may not realize the skill can read environment configuration and send data over the network, which can lead to unintended data exposure or bypass of permission review.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match many normal requests such as 'look up', 'what is', or 'google', increasing the chance the skill activates when the user did not specifically intend to use this networked search tool. Because activation causes user queries to be transmitted to a configured SearXNG instance and possibly upstream engines, accidental invocation can leak sensitive prompts or context externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description and notes emphasize privacy-respecting search but do not clearly warn that the user's query is sent over the network to a self-hosted SearXNG server and may then be forwarded to upstream search engines. This omission can mislead users into sharing sensitive terms under a stronger privacy assumption than is warranted, especially if the configured server uses insecure HTTP as shown in the example.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.