Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pil pillow
- Confidence
- 95% confidence
- Finding
- numpy
Multi-panel Figure Assembler
Security checks across malware telemetry and agentic risk
Overview
This skill appears to locally assemble six image panels as advertised, but its Python dependency file should be cleaned up before installation.
Install only in a virtual environment or other sandbox, remove the 'pil' line, and pin reviewed versions of Pillow and numpy. Use only intended local image paths and output locations, because the script will read and write paths supplied on the command line.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pil pillow
- Confidence
- 99% confidence
- Finding
- pil
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pil pillow
- Confidence
- 95% confidence
- Finding
- pillow
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 91% confidence
- Finding
- numpy
Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 97% confidence
- Finding
- pillow
Possible Typosquatting: 'pil' resembles popular package 'pip'
High
- Category
- Supply Chain
- Confidence
- 98% confidence
- Finding
- pil
VirusTotal
65/65 vendors flagged this skill as clean.