Back to skill

Security audit

360 Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed 360 web-search skill that sends search queries to 360's API, with broad activation wording that users should understand before installing.

Install this only if you are comfortable sending search terms, UUID session IDs, and any selected image-search inputs to api.360.cn using your 360 API key. Avoid using it for secrets, private personal data, or proprietary prompts, and consider narrowing triggers or requiring confirmation if you want tighter control over third-party searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list includes very broad everyday terms such as “今天”, “最近”, “帮我找”, and “查一下”, which can cause the skill to activate for many unrelated requests. That increases the chance of unnecessary external data transfer to api.360.cn and can override a user's expected tool choice or privacy expectations, especially because the metadata sets confirmBeforeRun to false.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to prefer this external tool for Chinese or China-related queries over the built-in browser, without asking for user preference or considering locale, trust, or data-governance implications. This can bias tool selection and route user queries to a third-party provider unexpectedly, which is risky when handling sensitive or regulated topics.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger list contains very common phrases such as “搜索”, “最新”, “今天”, and “帮我找”, which are likely to match ordinary user requests and cause this skill to activate unexpectedly. Because the skill performs external network calls and is configured to be preferred for broad classes of Chinese or China-related queries, accidental invocation can route sensitive or unintended queries to a third-party service without clear user intent.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The metadata and description explicitly prioritize this skill for Chinese-language and China-related queries, which can steer user requests to this external provider without explicit consent or a neutral tool-selection decision. In context, this is more dangerous because the skill makes network calls to a third-party API, so forced routing may create privacy, compliance, or user-expectation issues when users did not ask for this provider specifically.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.