Back to skill

Security audit

Multi Search Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed search-helper skill, but users should remember that their search terms may be sent to public search engines.

Install only if you want an agent to use external search engines for general, news, and finance queries. Avoid entering private, confidential, or sensitive keywords because those terms can be sent to the selected search provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger phrases are very broad, including common expressions like '搜索', '查一下', '找一下', and '哪个好', which can cause the skill to activate during ordinary conversation without clear user intent to use this specific capability. In an agent environment, this increases the chance of unintended browsing or external requests, which can expose user queries to third-party search engines and cause the agent to take actions the user did not explicitly request.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description itself advertises vague trigger phrases without defining strict activation rules, which can encourage ambiguous routing and accidental invocation by the host agent. While the description alone does not execute actions, it reinforces unsafe matching behavior and makes misclassification of normal user requests more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.