Security audit
Pipeworx flood
Security checks across malware telemetry and agentic risk
Overview
This is a simple flood-forecast skill that clearly sends location coordinates to a remote forecast service and does not request unusual local access.
Before installing, consider that forecast requests will send latitude and longitude values to Pipeworx's gateway. If you use the optional MCP configuration, it downloads the latest mcp-remote helper through npx; pinning that helper version would reduce supply-chain uncertainty.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
