Back to skill

Security audit

zhipu web search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Zhipu web-search wrapper that sends user-provided search queries to Zhipu/BigModel using a configured API key.

Install this only if you are comfortable sending search queries to Zhipu/BigModel under your Zhipu account. Avoid putting secrets, private internal details, or sensitive personal data in searches, and use a revocable API key where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs shell execution via curl, but does not declare corresponding permissions despite requiring the curl binary and an API key. This creates a transparency and policy gap: an agent or user may invoke network-capable shell actions without an explicit permission boundary, increasing the chance of unintended external communication or unsafe execution assumptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to send arbitrary search queries to Zhipu AI's external web_search API, but it does not clearly warn that prompts, search terms, and possibly sensitive context will leave the local environment. In an agent setting, this can lead to inadvertent disclosure of confidential user data if the skill is used on internal or sensitive queries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.