Pipeworx fda

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward FDA public-data connector, with the main privacy caution that searches are sent to Pipeworx's hosted gateway.

Reasonable to install for public FDA lookups. Do not enter patient identifiers, private case details, or internal pharmacovigilance notes unless you trust Pipeworx's gateway and its handling of query logs; consider pinning mcp-remote instead of using @latest for repeatable installs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill explicitly encourages use of a remote FDA gateway for queries involving adverse drug events and patient-related report fields, but it does not clearly warn users that their search terms and retrieved data are transmitted to a third-party endpoint. In a healthcare context, queries may contain sensitive medication, condition, or case-investigation details, so the lack of disclosure increases the risk of unintended data exposure.

External Transmission

Medium

Category: Data Exfiltration
Content: ## Example: adverse events for metformin ```bash curl -s -X POST https://gateway.pipeworx.io/fda/mcp \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search_drug_events","arguments":{"query":"metformin","limit":3}}}' ```
Confidence: 90% confidence
Finding: curl -s -X POST https://gateway.pipeworx.io/fda/mcp \ -H "Content-Type: application/json" \ -d

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal