Back to skill

Security audit

360智搜(网页搜索 图片搜索 新闻搜索等)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate 360 Chinese web-search skill, but its activation and provider-routing rules are too broad and may send ordinary user queries to a third-party search API unexpectedly.

Review before installing. This is not evidenced as destructive or malicious, but users should be comfortable with broadly matched Chinese, China-related, freshness, or search-like requests being sent to 360's API. Prefer explicit invocations such as asking to use 360 search, and avoid sensitive or personal queries unless the provider-routing behavior is narrowed or confirmed first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The skill claims it does not execute shell commands, but elsewhere instructs users to run shell commands for environment setup and shows curl invocations. This is primarily a documentation integrity issue: misleading security statements can cause operators to underestimate command execution risk and trust the skill more than warranted.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The example trigger phrases are broad, natural-language requests like general web/news searches, which can overlap with ordinary user conversation and cause the skill to activate without a clearly bounded invocation condition. In an agent system that prioritizes this skill for Chinese or China-related queries, this increases the chance of unintended tool use, unnecessary external data access, and reduced predictability of agent behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are extremely broad (e.g. common words like '查一下', '今天', '最近'), which can cause the agent to invoke this external search skill for many ordinary requests without clear user intent. That increases unnecessary data disclosure to a third-party API and can override safer/default tools or non-network answers.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill directs the agent to prefer this third-party Chinese search provider over the built-in browser for Chinese or China-related queries without requiring user opt-in. This creates a policy and privacy risk because user queries may be routed to an external service based on language/locale heuristics rather than explicit consent or suitability.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list contains very generic phrases such as “搜索”, “查一下”, “最新”, “今天”, and “最近”, which are likely to match ordinary user requests far beyond the intended scope of this specific skill. Because the skill performs network calls and is exposed to agent-to-agent use, overly broad activation can cause unintended invocation, unnecessary external data disclosure in queries, and routing of requests to a third-party service without clear user intent.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The manifest and description explicitly position the skill as Chinese-language search and instruct preference for Chinese or China-related queries, but there is no explicit locale opt-in or user-consent mechanism documented in the manifest. This can cause the agent to route user requests to a region/language-specific external service unexpectedly, creating privacy, compliance, and accuracy risks if the user did not intend Chinese-language handling or a China-focused provider.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.