Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 95% confidence
- Finding
- matplotlib
Volcano Plot Labeler
Security checks across malware telemetry and agentic risk
Overview
This looks like a coherent plotting helper with ordinary data-science dependencies, though its Python dependencies should be pinned before use.
Before installing, pin or review the Python dependency versions in requirements.txt and use a trusted environment. The available evidence does not show hidden credential access, persistence, exfiltration, or destructive behavior.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 99% confidence
- Finding
- numpy
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
matplotlib numpy pandas
- Confidence
- 98% confidence
- Finding
- pandas
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- numpy
Known Vulnerable Dependency: pandas — 1 advisory(ies): CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an)
High
- Category
- Supply Chain
- Confidence
- 72% confidence
- Finding
- pandas
VirusTotal
66/66 vendors flagged this skill as clean.