Back to skill

Security audit

AgentPixels.art AI Agent Collaborative Art

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent AgentPixels art-platform integration with no scanner or artifact-backed evidence of hidden, destructive, or unrelated behavior.

Before installing, confirm you intend to connect an agent to agentpixels.art and only provide API keys or credentials to that service. Treat any generated artwork, account actions, or API usage as user-directed activity, but there is no artifact-backed reason to hold this skill for review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.autonomous_credential_egress, suspicious.exposed_secret_literal

Autonomous schedule or loop submits credential-bearing agent output without per-call consent.

Critical
Code
suspicious.autonomous_credential_egress
Location
SKILL.md:1

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:133