Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
beautifulsoup4>=4.12.0 cssutils>=2.7.0 requests>=2.31.0
- Confidence
- 97% confidence
- Finding
- beautifulsoup4>=4.12.0
Html2pptx Complete
Security checks across malware telemetry and agentic risk
Overview
This looks like a real local HTML-to-PPTX converter, but it needs review because crafted file paths can cause unintended shell commands to run.
Install only after reviewing or fixing the command execution wrapper. Until then, use it in an isolated working directory with simple trusted filenames, avoid converting untrusted HTML packages, and pin or remove unused Python dependencies before normal use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
beautifulsoup4>=4.12.0 cssutils>=2.7.0 requests>=2.31.0
- Confidence
- 97% confidence
- Finding
- cssutils>=2.7.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
beautifulsoup4>=4.12.0 cssutils>=2.7.0 requests>=2.31.0
- Confidence
- 98% confidence
- Finding
- requests>=2.31.0
Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
High
- Category
- Supply Chain
- Confidence
- 93% confidence
- Finding
- requests
VirusTotal
45/45 vendors flagged this skill as clean.