ShortPixel

Security checks across malware telemetry and agentic risk

Overview

This ShortPixel connector is disclosed and purpose-aligned, but it can change or purge ShortPixel domain data so users should approve those actions carefully.

Install this only if you want an agent to manage ShortPixel via an OOMOL-connected account. Confirm the exact domain and effect before allowing add, set, revoke, cache purge, or storage purge actions, and review the oo CLI installer before running first-time setup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description says to use this skill for ANY ShortPixel request and instead of calling the API directly, creating an overly broad auto-invocation trigger. That can cause the agent to select this skill in situations it should not, increasing the chance of unintended state-changing operations or routing sensitive requests through a connector without sufficient task-specific validation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal