Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pyyaml>=6.0
- Confidence
- 95% confidence
- Finding
- pyyaml>=6.0
Security audit
JSON Wizard
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward local JSON/YAML formatting tool with no hidden network, persistence, or privileged behavior found.
Install only if you are comfortable using a local Python tool to process JSON/YAML you provide. Prefer installing with a reviewed, pinned PyYAML version, and avoid using --file on sensitive files unless you intend the tool to read and print their parsed contents.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)
Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- pyyaml
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.