Back to skill

Security audit

Free Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search skill that contacts search engines and IP-location services to route searches, with no evidence of hidden persistence, credential access, exfiltration, or destructive behavior.

Install only if you are comfortable with the tool sending your IP and user agent to IP-location services before searches, and your search query to Bing or DuckDuckGo. Keep full-page fetching disabled unless you also want the tool to visit result pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill advertises that it only performs web access when the user explicitly requests online search, but in auto-region mode it first contacts third-party IP geolocation services before selecting a search engine. That behavior creates undisclosed outbound network activity and shares the host's public IP/addressing metadata with unrelated services, which is broader than the stated purpose of the tool.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code sends requests to myip.ipip.net, cip.cc, ipinfo.io, and ipapi.co solely to infer user/network location, even though the stated function is web search. This introduces unnecessary data exposure to multiple third parties and expands the trust boundary without a clear necessity tied to the skill's core functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Each geolocation probe reveals the environment's public IP and request metadata to external services without a clear warning or consent flow. In managed, enterprise, or privacy-sensitive environments, that can leak network-origin information and create audit, privacy, or policy compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.