Back to skill

Security audit

Python Venv

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Python environment helper, but it can install packages or create environments and includes a risky uv installer one-liner in troubleshooting notes.

Install this only if you are comfortable with an agent managing Python environments and installing dependencies in your projects. Ask the agent to confirm before running install, sync, delete, or remote installer commands, and prefer verified package-manager installation steps over copying pipe-to-shell snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to create or modify Python environments and install dependencies automatically without requiring an explicit user confirmation or warning about side effects. In an agent setting, this can unexpectedly change the local project state, execute package installation workflows, and introduce risk from unreviewed dependency changes or package post-install behavior.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The skill recommends inspecting environment variables such as VIRTUAL_ENV and CONDA_PREFIX as part of routine detection, but does not warn that environment-variable values may reveal sensitive local paths or operational context. While these specific variables are usually low sensitivity, normalizing unrestricted environment inspection in agent workflows can expose host details unnecessarily.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file instructs users to pipe a remotely fetched installer script directly into `sh` and to execute a PowerShell script via `iex`, which prevents meaningful inspection before execution. If the remote host, transport, or published script is compromised, users may execute arbitrary code on their system immediately.

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# Linux/macOS
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows PowerShell
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Confidence
95% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Linux/macOS
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows PowerShell
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Confidence
98% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.