Back to skill

Security audit

Web Search Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web search skill that uses expected network calls and optional provider API keys, with no artifact-backed evidence of deception, destructive behavior, or unrelated data access.

Install this if you want an agent to perform live web search and retrieval. Avoid submitting private/internal URLs or secret-bearing query strings, and configure only the provider API keys and endpoints you are comfortable sending search queries, URLs, and retrieved content to.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The command accepts arbitrary user-supplied URLs and may route them to third-party extract providers such as Tavily or Exa via executeExtractFlow, but this file does not present a clear user-facing disclosure at execution time that those URLs and fetched page contents may leave the local environment. In an agent skill focused on web search and retrieval, this is especially relevant because users may provide internal, sensitive, or authenticated URLs, creating a confidentiality and data-handling risk if forwarded externally.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This code fans a single user query and associated request metadata out to multiple third-party search providers via provider executors, but there is no consent gate, warning, or minimization visible in this path. In a web-search skill that supports many optional external providers, this increases privacy and data-governance risk because sensitive queries, domain filters, locale, date, and research context may be disclosed more broadly than the user expects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The orchestrator passes `process.env` into the execution context for every research task by default, which can expose API keys, tokens, and other secrets to downstream retrieval code or provider adapters. In a web-research skill that may invoke multiple external search providers and plugins, broad environment inheritance increases the chance of unintended secret disclosure or misuse if any task implementation forwards, logs, or transmits those values.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/exa.mjs:8

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/perplexity.mjs:9

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/serpapi.mjs:7

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/serper.mjs:8

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/tavily.mjs:8

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/engines/you.mjs:64

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/extract.mjs:125

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/engines/perplexity.mjs:248