Heatmap Beautifier

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal data-visualization skill with disclosed local file processing and ordinary Python plotting dependencies, with hygiene issues but no artifact-backed malicious behavior.

Before installing, use it only on CSV and annotation files you intend to share with the agent, and prefer installing in an isolated Python environment with pinned or reviewed dependency versions. The scan found dependency and documentation hygiene issues, but not hidden behavior, credential handling, persistence, or exfiltration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill documentation instructs the agent to read user-supplied CSV files and local annotation files, which implies file-read capability, but the skill metadata declares no permissions. This mismatch can undermine sandboxing and trust decisions because an execution framework may allow undeclared file access or fail to present the true capability surface to users and reviewers.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding: The audit artifact is internally inconsistent: it asserts that exception-handling hardening was implemented, while later sections admit the underlying script may still retain a bare except and may not catch FileNotFoundError. This can cause downstream reviewers or deployment systems to trust a security/reliability improvement that was never actually verified, allowing weak error handling to persist unnoticed in production.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: matplotlib, numpy, pandas, seaborn
Confidence: 97%
Finding: matplotlib

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: matplotlib, numpy, pandas, seaborn
Confidence: 99%
Finding: numpy

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: matplotlib, numpy, pandas, seaborn
Confidence: 98%
Finding: pandas

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: matplotlib, numpy, pandas, seaborn
Confidence: 96%
Finding: seaborn

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 84%
Finding: numpy

Known Vulnerable Dependency: pandas — 1 advisory(ies): CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an)

Severity: High
Category: Supply Chain
Confidence: 65%
Finding: pandas

VirusTotal

65/65 vendors flagged this skill as clean.
