Security audit
Cross-Validated Search
Security checks across malware telemetry and agentic risk
Overview
The skill is a narrow, disclosed web-search and claim-verification workflow, with normal caution needed around its external Python install and search-provider privacy.
Before installing, confirm the intended package source and consider installing from a reviewed, pinned repository or release because the advertised PyPI name was not available at review time. Avoid sending secrets, confidential business claims, or private personal data through search queries unless you are using a provider you control, such as a trusted self-hosted SearXNG instance.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
