pidrive

Security checks across malware telemetry and agentic risk

Overview

pidrive is a clearly described cloud-backed drive for agents; it handles files, sharing, indexing, and credentials, but those behaviors are disclosed and match its purpose.

Install only if you trust the pidrive publisher, Homebrew tap or GitHub release, and hosted pidrive service. Treat /drive/my as cloud storage, protect the local API key, avoid public links for sensitive files, and require explicit confirmation before deleting files, sharing links, revoking access, or changing paid plans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill encourages direct use of standard Unix file operations against a remote persistent store and promotes public link sharing, but the main usage flow does not prominently warn about destructive commands, accidental overwrites, or the privacy impact of server-side indexing. In an agent context, broad filesystem-like access can cause unintended data loss or disclosure because automated tools may treat the mounted drive as ordinary local storage and act on it recursively.

VirusTotal

66/66 vendors flagged this skill as clean.
