Security audit

Realtime Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Baidu-backed realtime web search tool, with normal privacy cautions for sending and logging search queries.

Install only if you are comfortable sending search queries to Baidu with your BAIDU_API_KEY. Avoid secrets or private data in queries, use a limited-scope key, keep endpoint override variables pointed only at trusted Baidu-compatible endpoints, and remember that query text may appear in local logs because of the debug print.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The description advertises very broad trigger phrases such as `查一下/搜一下/最新消息/实时信息`, which can match ordinary user requests and cause the skill to activate more often than intended. Over-broad activation increases the chance of unintended external web queries, unnecessary disclosure of user prompts to third-party services, and accidental reliance on live web results when the user did not explicitly request tool use.

Vague Triggers

Low

Confidence: 74% confidence
Finding: The common use case list repeats vague triggers like `查一下 / 搜一下 / 最新消息` without defining clear activation boundaries or exclusions. This reinforces permissive routing behavior and may cause the agent to overuse the skill for generic questions, expanding unnecessary network exposure and third-party data sharing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal