Table 1 Generator

Security checks across malware telemetry and agentic risk

Overview

This skill locally generates clinical Table 1 summaries from user-provided CSV files, with no hidden network access, credential use, persistence, or unrelated behavior found.

Install this in a virtual environment, pin or lock numpy/pandas/scipy before regulated or repeatable research use, and only run it on intended CSV files with controlled output paths. Treat both input datasets and generated tables as potentially sensitive clinical information, especially where small cells or identifiers could reveal patient details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill is designed to process patient data and explicitly writes Table 1 outputs to CSV/Excel, but the usage and output sections do not clearly warn that generated files may contain sensitive patient-derived information or require de-identification and controlled storage. In a clinical research context, this omission can lead users to save or share outputs insecurely, increasing the risk of privacy breaches or regulatory noncompliance.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, pandas, scipy
Confidence: 97%
Finding: numpy

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, pandas, scipy
Confidence: 97%
Finding: pandas

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, pandas, scipy
Confidence: 97%
Finding: scipy

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 88%
Finding: numpy

Known Vulnerable Dependency: pandas — 1 advisory(ies): CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an)

Severity: High
Category: Supply Chain
Confidence: 71%
Finding: pandas

Known Vulnerable Dependency: scipy — 4 advisory(ies): CVE-2013-4251 (SciPy creates insecure temporary directories); CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temporary dire); CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovered in scipy) +1 more

Severity: High
Category: Supply Chain
Confidence: 85%
Finding: scipy

VirusTotal

62/62 vendors flagged this skill as clean.
