PixelDojo

Security checks across malware telemetry and agentic risk

Overview

PixelDojo is a disclosed helper for using PixelDojo's image and video generation API, with expected API key use, network calls, and local media downloads.

Install only if you intend to use PixelDojo and are comfortable sending prompts, input image URLs, and generation requests to that service under your API key. Avoid submitting secrets or sensitive personal content, keep PIXELDOJO_API_BASE at the default unless you trust another endpoint, and choose output paths carefully because results are saved locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The documentation tells users to export an API key and submit prompts, image URLs, and generation jobs to PixelDojo, but it does not clearly warn that this data is transmitted to a third-party service and may be retained or processed externally. In a creative-generation skill, users may include sensitive text prompts or private image URLs, so lack of disclosure can lead to unintended data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal