Free Web Search Ultimate

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-search and page-browsing skill with no evidence of hidden access, credential handling, or destructive behavior.

Install this if you want an agent that frequently uses live web search. Before enabling the optional MCP setup, review or pin the referenced GitHub package, and avoid sending secrets, private URLs, or sensitive internal pages to search or browse commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs agents to call `browse-page` on result URLs and arbitrary pages, but provides no constraints on which URLs are safe to fetch and no warning about privacy, sensitive endpoints, or untrusted content. In agent environments, this can lead to unintended requests to tracking URLs, internal resources, tokenized links, or user-supplied malicious pages, expanding the attack surface through server-side requests and data exposure.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal