
Security audit

Pixshop MCP — 28+ AI Creative Tools

Security checks across malware telemetry and agentic risk

Overview

This is a real Pixshop creative-media integration, but it needs review because it configures a persistent remote MCP service that can process sensitive images, spend credits, and publish content, while describing only limited safeguards.

Install only if you trust Pixshop with the prompts, image URLs, portraits, product assets, and generated media you choose to use. Avoid sensitive or confidential images unless you have reviewed Pixshop's privacy and retention terms, constrain unnecessary Bash/Read access if your client supports it, and require explicit confirmation before spending credits or publishing content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description says to use the integration whenever a user wants image generation, photo editing, video creation, try-on, face swap, style transfer, or creative effects, which is broad enough to trigger on many ordinary creative requests. Overly broad invocation conditions can cause unnecessary routing to an external service, increasing the chance of unintended data sharing, surprise tool use, and charges. In this context, the skill is inherently external and credit-consuming, which makes over-invocation more risky than a purely local helper skill.

Missing User Warnings

Medium
Confidence: 93%
Finding
The tool definitions repeatedly require image URLs and other media references but do not warn that those inputs will be transmitted to Pixshop and possibly downstream providers. This is dangerous because users may provide private photos, identity images, or commercially sensitive assets without understanding that the data leaves the client and may be processed by external services; the note about provider fallback to Gemini/Replicate/OpenRouter increases that exposure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill exposes a `post-publish` capability to publish generated work but does not clearly warn that invoking it can make content publicly visible outside the user's local environment. This creates a risk of accidental disclosure of private images, drafts, proprietary designs, or sensitive prompts, especially in a workflow-oriented skill that encourages chaining generation and publishing steps.

VirusTotal

64/64 vendors flagged this skill as clean.
