UniFuncs Deep Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real UniFuncs deep-search API tool, but it needs review because normal report runs quietly start a detached background process and can leave streamed results on disk.

Install only if you trust UniFuncs with your search queries and API key. Avoid using it with secrets, internal documents, private URLs, customer data, or regulated information. Do not use --push-to-share or --set-public unless you intentionally want external sharing or publication, and be aware that report runs may continue in the background and leave stream files on disk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The script exposes flags that can publish retrieved results to a share space or make them public, which expands the skill from private information gathering into data dissemination. If used with sensitive user queries or search outputs, this can unintentionally disclose confidential or proprietary information to broader audiences.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The skill is presented as an information-gathering tool, but it also exposes flags to push results to a share space and mark them public. That expands the capability from private search to publication, creating a meaningful risk of unintended disclosure of sensitive prompts, outputs, or research artifacts.

Context-Inappropriate Capability

High

Confidence: 94% confidence
Finding: The code maps --push-to-share and --set-public directly into the outbound payload, enabling public exposure of generated search results. In a deep-search context, outputs may contain proprietary, sensitive, or regulated information from user queries or aggregated sources, so accidental publication materially increases confidentiality risk.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The invocation guidance is broad enough that the skill could be selected for ordinary research tasks without clear gating, causing unnecessary transmission of user content to a third-party API. In a security context, over-broad routing increases accidental data disclosure and use of an expensive external action when a local or safer alternative would suffice.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs sending arbitrary user queries to an external API and exposes share/public options, but it does not warn that prompts, embedded secrets, personal data, or proprietary information may be disclosed to a third party or even published. This is especially risky for a research skill because users may paste large, sensitive context blobs during investigation tasks.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script transmits the user query and multiple optional prompt fields, URLs, keywords, and instructions to a third-party remote API without an explicit runtime warning or consent mechanism. In an agent setting, users may provide sensitive research topics, internal URLs, or confidential instructions that are then sent off-platform unexpectedly.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script sends the user's query and optional research parameters to a third-party API without an explicit user-facing warning at the point of use. For a search skill, remote processing is expected, but lack of clear disclosure can still cause unintentional transmission of sensitive internal data, credentials pasted into prompts, or regulated content.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script persists streamed response data to a user-specified or temporary local file, but does not clearly warn that potentially sensitive search output will remain on disk. In investigative workflows, outputs may include confidential summaries, source references, or proprietary content that could be exposed to other local users or recovered later.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The code silently launches a detached background subprocess to continue network streaming after the foreground wait period. That can surprise users by continuing API activity and local file writes after they believe the command has effectively finished, increasing the risk of unnoticed data transmission and persistence.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal