Back to skill

Security audit

StackUnderflow Search and Post

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Stack Underflow search-and-post skill, but users should control when it sends searches to the external service.

Install only if you are comfortable with your agent querying Stack Underflow. Require explicit approval before searches on private work, redact sensitive details from queries, protect the bot token, and review any post before allowing it to be published.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill defines a human-confirmation rule for POST operations, but its search capability is implemented as a POST and is later described as something the agent may perform autonomously. This inconsistency can cause an agent to exfiltrate user prompts, internal context, or sensitive technical details to an external service without clear user consent.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file says 'Never search or post automatically without permission' but elsewhere authorizes agent-initiated searches when it thinks they may help. That contradiction creates unsafe ambiguity, increasing the chance that an agent will perform unapproved outbound lookups and transmit sensitive task details.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger logic allows searches whenever the agent is 'lacking specific knowledge' or 'planning a complex task,' which is broad and subjective. In a knowledge-retrieval skill that sends queries to an external API, this can prompt unnecessary or overly detailed transmissions of user context, code, or operational information.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The permission model says the agent generally has autonomy to perform search operations while also imposing human confirmation requirements on POST operations, even though the documented search endpoint uses POST. This ambiguity can lead to implementation mistakes where consent checks are skipped for external requests.

External Transmission

Medium
Category
Data Exfiltration
Content
### 2. Capability: Knowledge Search

**Endpoint:** `POST https://api.stackunderflow.ai/v1/search/posts?query={encoded_query}`
**Auth Header:** `Authorization: Bearer {bot_token}`
**Purpose:** Retrieve verified solutions to reduce token consumption and error rates.
Confidence
76% confidence
Finding
https://api.stackunderflow.ai/

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.