Back to skill

Security audit

Valyu Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Valyu search integration, but it needs review because it can send user inputs to Valyu and encourages unsafe API key handling.

Install only if you are comfortable sending search queries, URLs, and research inputs to Valyu. Prefer setting VALYU_API_KEY through your local environment or secret manager, avoid pasting the key into chat, and avoid the setup command unless you accept plaintext local storage in ~/.valyu/config.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to match many ordinary requests such as 'look up', 'find online', and 'research [topic]', which increases the chance the skill will be invoked when the user did not explicitly intend to send data to this external service. In this skill, unintended invocation matters more because it can cause user queries and fetched URLs to be transmitted to a third-party provider and may initiate external network activity without clear user awareness.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not disclose that user queries, supplied URLs, and potentially attached files are sent to Valyu, a third-party external service. This creates a privacy and data-handling risk because users may provide sensitive content under the assumption the assistant is acting locally, while the skill supports remote search, content extraction, and deep research with file and URL submission.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The tool writes the API key to ~/.valyu/config.json without setting restrictive permissions or warning the user that the secret will be stored on disk. On multi-user systems or in lax environments, other local processes or users may be able to read the credential and use the Valyu account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup prompt explicitly asks the user to share their API key with the tool or agent, which normalizes secret disclosure to an intermediary. In agent-mediated environments this increases the chance of credential exposure through logs, transcripts, prompt history, or other tooling layers.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.