pip
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward pip helper skill whose package-management behavior is disclosed and aligned with its purpose.
Install this if you want an agent to help manage Python packages. Prefer project virtual environments, review package names and requirements files before running installs or uninstalls, and avoid changing the global Python environment unless that is exactly what you intend.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.