Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
redis>=5.0.0 python-dotenv>=1.0.0
- Confidence
- 95% confidence
- Finding
- redis>=5.0.0
Security audit
Security checks across malware telemetry and agentic risk
The skill appears to be a coherent Redis-backed temporary cache, with dependency hygiene issues but no artifact-backed malicious or hidden behavior.
Before installing, prefer a reviewed lockfile or pinned dependency range, especially for python-dotenv, and configure Redis with appropriate authentication, network exposure, key prefixes, and TTLs so cached data does not persist or leak beyond the intended workspace.
redis>=5.0.0 python-dotenv>=1.0.0
redis>=5.0.0 python-dotenv>=1.0.0
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.