Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy>=1.20.0 scipy>=1.7.0 matplotlib>=3.5.0 pandas>=1.3.0
- Confidence
- 95% confidence
- Finding
- numpy>=1.20.0
Meta-Analysis Forest Plotter
Security checks across malware telemetry and agentic risk
Overview
This skill is a local plotting utility for meta-analysis forest plots, with no evidence of hidden data access, network exfiltration, persistence, or destructive behavior.
Safe to install for local forest-plot generation. Install dependencies from a trusted Python package source, consider pinning versions for reproducible environments, verify the correct script entry point, and choose output paths carefully because generated plots may overwrite existing files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy>=1.20.0 scipy>=1.7.0 matplotlib>=3.5.0 pandas>=1.3.0
- Confidence
- 95% confidence
- Finding
- scipy>=1.7.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy>=1.20.0 scipy>=1.7.0 matplotlib>=3.5.0 pandas>=1.3.0
- Confidence
- 95% confidence
- Finding
- matplotlib>=3.5.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy>=1.20.0 scipy>=1.7.0 matplotlib>=3.5.0 pandas>=1.3.0
- Confidence
- 95% confidence
- Finding
- pandas>=1.3.0
VirusTotal
64/64 vendors flagged this skill as clean.