Pipeworx nutrition
Security checks across malware telemetry and agentic risk
Overview
This skill is a small, disclosed nutrition lookup connector and does not show hidden data access or privileged behavior.
Reasonable to install for nutrition and product lookup. Before using it, understand that it runs an npm-based MCP launcher using the latest mcp-remote package and sends lookup queries to Pipeworx's remote gateway; avoid sensitive query content or pin the launcher version if your environment requires stricter supply-chain control.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.