Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 94% confidence
- Finding
- matplotlib
Forest Plot Styler
Security checks across malware telemetry and agentic risk
Overview
The available evidence shows dependency hygiene issues, but no deceptive, destructive, exfiltrating, or purpose-mismatched behavior.
Before installing, prefer a version of the skill that pins or constrains its Python dependencies, especially NumPy. Install in an isolated environment and update dependency pins through normal vulnerability scanning, but there is no artifact-backed reason here to treat the skill as malicious or require Review.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 98% confidence
- Finding
- numpy
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 96% confidence
- Finding
- pandas
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 89% confidence
- Finding
- numpy
VirusTotal
63/63 vendors flagged this skill as clean.