Oathe Security Badge

Is Zjianru/web-search-pro safe?

https://github.com/Zjianru/web-search-pro

Score: 92 (SAFE)

This is a legitimate web search skill that provides multi-engine search capabilities with proper documentation and clean implementation. The main security considerations are the executable JavaScript code and external API dependencies, but no malicious behavior was detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM Executable JavaScript Code -25

The skill contains multiple JavaScript files that execute when invoked, including search.mjs and engine-specific modules. While the code appears to implement legitimate web search functionality, it creates a code execution surface that could be exploited if modified.

LOW External API Communication -5

The skill makes HTTP requests to external search APIs (Tavily, Exa, Serper, SerpAPI). While this is the intended functionality, it creates a potential channel for data exfiltration if the skill were compromised.

LOW API Key Dependency -10

The skill requires API keys for external search services, creating a dependency on proper secret management. Improper handling could lead to credential exposure.