Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy
- Confidence
- 60% confidence
- Finding
- matplotlib
Upset Plot Converter
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward local plotting utility with minor dependency hygiene cautions, not evidence of hidden or harmful behavior.
Install and run this in a normal sandboxed Python environment, avoid elevated privileges, keep output paths inside the intended workspace, and consider pinning audited versions of matplotlib and numpy before production or repeated use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy
- Confidence
- 60% confidence
- Finding
- numpy
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 90% confidence
- Finding
- numpy
VirusTotal
64/64 vendors flagged this skill as clean.