Back to skill

Security audit

Ollama Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Ollama web search and page-fetch wrapper, with expected external requests but no evidence of hidden persistence, unrelated data access, or destructive behavior.

Install only if you are comfortable sending search queries and requested URLs to Ollama under your API key. Avoid secret-bearing URLs, internal-only links, personal data, regulated content, or confidential prompts, and treat fetched page text as untrusted web content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to perform web searches and page fetching via the Ollama Web Search API but does not clearly disclose that search queries, target URLs, and fetched page content will be transmitted to an external third-party service. This can lead users to submit sensitive prompts, internal URLs, or confidential content without understanding the privacy and data-handling implications.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The conversational trigger examples are broad natural-language phrases such as searching or fetching a page, which can overlap with ordinary user requests. In agent environments, this can cause accidental invocation of the skill and unintended outbound requests to external services using the configured API key.

External Transmission

Medium
Category
Data Exfiltration
Content
### 3️⃣ 依赖检查
```bash
python3 --version  # ✅ macOS 自带
curl --version     # ✅ macOS 自带
```

### 4️⃣ 测试
Confidence
83% confidence
Finding
curl --version # ✅ macOS 自带 ``` ### 4️⃣ 测试 **搜索:** ```bash cd ollama-web-search-cli ./ollama-web-search.sh search "AI news" 5 ``` **抓取:** ```bash ./ollama-web-search.sh fetch "https://ollama.co

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.