Security audit
Pipeworx sec
Security checks across malware telemetry and agentic risk
Overview
This is a narrow SEC EDGAR lookup skill that uses a disclosed remote MCP endpoint and does not request local files, credentials, persistence, or elevated access.
Appropriate for public-company SEC research. Before installing, consider that your company names, tickers, CIKs, and filing queries will be sent to the disclosed Pipeworx gateway, so avoid it for workflows where query privacy or third-party service provenance is a concern.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.