Pipintama Boards

Security checks across malware telemetry and agentic risk

Overview

This is a clear hosted-board integration, but users should know new boards are shared by default unless they ask for private visibility.

Install this only if you are comfortable sending board content to Pipintama. For business, personal, architecture, or other sensitive material, explicitly ask for private visibility and use a scoped or revocable API key when available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly defaults new boards to `shared`, which can make user-provided content accessible via a shareable link without a clear opt-in or warning. If users include sensitive business, personal, or architectural information, this default increases the risk of unintended disclosure through externally accessible hosted URLs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal