Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
cv2 dataclasses imagehash matplotlib
- Confidence
- 95% confidence
- Finding
- cv2
Image Duplication Detector
Security checks across malware telemetry and agentic risk
Overview
This is a local image/PDF analysis tool with dependency hygiene and reliability issues, but no evidence of hidden access, data exfiltration, credential use, or destructive behavior.
Install only in an isolated virtual environment, replace requirements.txt with pinned canonical packages such as opencv-python and Pillow, and test folder and tampering modes before relying on results. Use dedicated output and temp directories, and delete generated reports or extracted page images if the manuscript is confidential.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
cv2 dataclasses imagehash matplotlib numpy pdf2image
- Confidence
- 92% confidence
- Finding
- imagehash
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
cv2 dataclasses imagehash matplotlib numpy pdf2image pil
- Confidence
- 92% confidence
- Finding
- matplotlib
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
dataclasses imagehash matplotlib numpy pdf2image pil
- Confidence
- 96% confidence
- Finding
- numpy
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
imagehash matplotlib numpy pdf2image pil
- Confidence
- 93% confidence
- Finding
- pdf2image
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pdf2image pil
- Confidence
- 98% confidence
- Finding
- pil
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 90% confidence
- Finding
- numpy
Possible Typosquatting: 'pil' resembles popular package 'pip'
High
- Category
- Supply Chain
- Confidence
- 97% confidence
- Finding
- pil
VirusTotal
67/67 vendors flagged this skill as clean.