baidu-search-auto

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Baidu searches in a browser, with normal privacy and untrusted-result caveats.

Install only if you want an agent to use browser automation for Baidu searches. Avoid putting secrets, private personal data, or internal business information into search queries, and treat returned search-result content as untrusted web data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill trigger is broad enough to activate on many generic web-search requests, which can cause the agent to invoke browser automation when a simpler or safer response would suffice. Over-broad routing increases attack surface by enabling unnecessary external navigation and page interaction based on loosely matching user phrasing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal