Pipeworx fruityvice
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward fruit nutrition lookup integration with no hidden local access or privileged behavior in the artifacts.
Before installing, consider that queries will be sent to the Pipeworx gateway and that the setup command runs mcp-remote through npx. The skill does not ask for secrets, local files, or privileged access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.