HTMLPix API

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only HTMLPix API skill whose API-key use and remote image/template handling are expected for its stated purpose.

Install only if you intend to integrate with HTMLPix. Keep the API key in backend or secret-managed environments, review create/update template requests before running them, and treat generated image URLs and submitted template variables as data shared with a third-party service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The examples instruct users to send authenticated requests with an API key and request payloads to a third-party service, but they do not explicitly warn that secrets and template data are being transmitted off-system. In a skill that may be used by autonomous agents or copied verbatim by users, that omission can lead to accidental disclosure of credentials or sensitive business content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal