Zero Api Key Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent web-search and page-reading helper with optional third-party Bright Data features that users should enable carefully.

Install only if you trust the external Python package source. The default free path does not require API keys, but if you configure Bright Data or Web Unlocker, avoid sensitive/private URLs and confidential queries unless sharing them with that provider is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill documents an automatic and forced 'Web Unlocker' path for accessing blocked pages, but it does not warn users that requests and target URLs may be sent to a third-party proxy/unlocking provider, potentially exposing sensitive queries, internal URLs, or regulated content. In a search-and-browsing skill, this omission is materially relevant because users may assume browsing is direct when the tool can transparently route traffic through an external service after 403/429 responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal