Outlier Detection & Handling

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local outlier-analysis helper; its main risk is ordinary Python dependency hardening, not hidden or abusive behavior.

Install only if you want a local Python-based outlier detection workflow. Use a virtual environment, consider pinning numpy and scipy to vetted versions, and pass only intended dataset paths because the script reads the file supplied with --data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, scipy
Confidence: 94%
Finding: numpy

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, scipy
Confidence: 94%
Finding: scipy

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 83%
Finding: numpy

Known Vulnerable Dependency: scipy — 4 advisory(ies): CVE-2013-4251 (SciPy creates insecure temporary directories); CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temporary dire); CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovered in scipy) +1 more

Severity: High
Category: Supply Chain
Confidence: 80%
Finding: scipy

VirusTotal

40/40 vendors flagged this skill as clean.
