Back to skill

Security audit

Maxhub Pipixia

Security checks across malware telemetry and agentic risk

Overview

The skill mostly provides disclosed Pipixia data lookups through MaxHub, but it also documents a restricted view-count increasing capability and broad auto-routing triggers that warrant user review.

Install only if you are comfortable sending Pipixia IDs, keywords, URLs, and returned user/social data to MaxHub. Use a dedicated MaxHub API key, avoid production cookies or sessions, and do not allow the view-count increasing endpoint unless you explicitly intend that action and accept platform ToS risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented endpoint fetch_increase_post_view_count performs a state-changing action that manipulates remote platform metrics, yet this file does not include an explicit per-endpoint warning requiring informed user consent before invocation. In an agent setting, a write-capable endpoint disguised among read-oriented content APIs can be accidentally or improperly triggered, causing unauthorized data modification and potential ToS or abuse issues.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger keywords include very broad terms such as “数据” and “播放量”, which can match many unrelated user requests and cause the agent to invoke a recipe the user did not clearly intend. In this skill, unintended activation is more dangerous because recipe chaining can automatically pass identifiers into downstream calls, and the broader skill context includes at least one restricted write capability, increasing the risk of overreach from ambiguous routing.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase set for the home-feed recipe includes broad everyday terms such as “推荐” and “有什么好看的”, which can match generic browsing intent rather than an explicit request to use this Pipixia skill. That increases the chance of unintended invocation and data retrieval from an external service, especially because the skill is not purely local and can expose platform-specific content without clear user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The search recipe uses broad triggers like “搜索作品” and “皮皮虾搜索”, and the phrase “搜索作品” is generic enough to overlap with many normal assistant requests unrelated to this external service. This can cause the agent to invoke the skill unexpectedly, sending user-provided keywords to a third-party endpoint and returning external content without sufficiently explicit user consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases for this recipe are broad and lack clear activation boundaries, so an agent may invoke the workflow for loosely related requests about a user or their content. In this skill, that can cause unnecessary collection and disclosure of user profile and post data from a third-party platform, increasing privacy and overreach risk even without explicit malicious logic.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The social-graph recipe is triggered by ambiguous phrases like '用户粉丝' and '社交圈', which can over-match common conversational requests and automatically retrieve follower/following data. Because social-graph data is more sensitive than basic content lookup, accidental activation can expose relationship information or enable profiling beyond what the user clearly requested.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.