Pixeltable

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent Pixeltable documentation, but it promotes automatic external AI/tool calls and persistent memory without enough guidance on consent, retention, data sharing, or approval controls.

Install only if you are comfortable with Pixeltable workflows that may automatically call external AI providers, execute selected tools, store chat history and user memories, and process uploaded media. Before using it with private or regulated data, add explicit allowlists, human approval for side-effecting tools, provider/data-flow disclosure, retention and deletion policies, secret/PII filtering, cost controls, and trusted-only MCP endpoints.

SkillSpector (10)

By NVIDIA

Missing User Warnings (Medium, 93% confidence)

Finding: The documentation explicitly promotes agent patterns where an LLM can select tools and Pixeltable will execute them automatically, but it does not warn that tools may access external systems, retrieve sensitive data, or trigger side effects. In an agent-building skill, this omission is security-relevant because users may copy the pattern into real integrations with APIs, filesystems, or privileged actions without adding confirmation, allowlists, or audit controls.

Missing User Warnings (Medium, 90% confidence)

Finding: The recipe centers on persistent storage of chat history and user memory, but it does not include any warning about retention, sensitive data capture, consent, or deletion controls. In a production agent-memory pattern, this omission can lead deployers to store personal or confidential data indefinitely without appropriate user notice or governance.

Missing User Warnings (Medium, 92% confidence)

Finding: The MCP integration section encourages loading tools from an external server and states they work like local tools, but it omits that tool invocations may transmit prompts, retrieved memories, system instructions, or other user data to a remote service. That can cause unintentional third-party data disclosure, especially because this recipe explicitly assembles memory and conversation context into agent inputs.

Missing User Warnings (Medium, 91% confidence)

Finding: The documentation shows sending image content to external AI providers via chat_completions without any warning that image data may leave the local environment and be processed by third-party services. In an ML data pipeline context, images often contain sensitive personal, proprietary, or regulated content, so omission of privacy and consent guidance can lead users to exfiltrate data unintentionally.

Missing User Warnings (Low, 80% confidence)

Finding: The recipe encourages ingestion from URLs and cloud storage locations such as S3, GCS, and Azure without warning about trust boundaries, credential scope, or the risks of importing untrusted remote content. While this is common functionality, users may assume these sources are inherently safe and inadvertently process malicious, private, or unauthorized data.

Missing User Warnings (Medium, 93% confidence)

Finding: The recipe sends user prompts, video frames, audio-derived transcripts, and possibly search terms to third-party providers including OpenAI, Anthropic, Hugging Face models, and DuckDuckGo-based search without an explicit disclosure. In a multimodal RAG pipeline, this can expose sensitive user data or copyrighted/private media-derived content to external services unexpectedly, creating privacy, compliance, and data-governance risk.

Missing User Warnings (Medium, 96% confidence)

Finding: The documentation states that inserting into the agent table automatically triggers the full pipeline, but it does not warn that this action will initiate multiple external API calls and processing steps over uploaded video and derived content. That hidden side effect is dangerous because a simple insert operation can unexpectedly exfiltrate data, incur costs, and process sensitive media without an operator realizing it.

Missing User Warnings (Medium, 89% confidence)

Finding: The workflow sends user-supplied video frames, extracted audio, transcriptions, and prompts to third-party model providers without any disclosure or privacy warning. In production, this can lead to unintended transmission of sensitive personal, proprietary, or regulated data to external services, especially because computed columns run automatically on insert.

Ssd 3 (Medium, 89% confidence)

Finding: The prompt builder injects recalled memories and prior conversation turns verbatim into the model input, which creates a straightforward channel for previously stored sensitive information to be repeated or inferred in later responses. Because retrieval is semantic and automatic, a user can trigger resurfacing of data that was originally provided in a different context.

Ssd 3 (Medium, 91% confidence)

Finding: The workflow explicitly instructs saving every conversation turn for future recall, creating a durable natural-language store of whatever users type, including secrets, credentials, health data, or internal business information. Once retained, that information can later be retrieved and echoed back by the agent, expanding both privacy and security exposure.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.