Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"version": "1.0.0", "type": "module", "dependencies": { "pdf-lib": "^1.17.1", "pdf-parse": "^1.1.1", "docx": "^9.0.0" }- Confidence
- 94% confidence
- Finding
- "pdf-lib": "^1.17.1"
PDF Simple Tool
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward local PDF utility that reads user-selected PDFs and writes user-selected PDF or DOCX outputs, with only normal npm dependency and overwrite cautions.
Install only if you are comfortable running the listed npm packages locally. When using the skill, confirm the input PDF, output folder, output filename, and page range before running it, especially because generated files may overwrite an existing path.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"type": "module", "dependencies": { "pdf-lib": "^1.17.1", "pdf-parse": "^1.1.1", "docx": "^9.0.0" } }- Confidence
- 94% confidence
- Finding
- "pdf-parse": "^1.1.1"
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"dependencies": { "pdf-lib": "^1.17.1", "pdf-parse": "^1.1.1", "docx": "^9.0.0" } }- Confidence
- 94% confidence
- Finding
- "docx": "^9.0.0"
VirusTotal
65/65 vendors flagged this skill as clean.