Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
akshare>=1.10.0 pandas>=1.5.0 requests>=2.28.0
- Confidence
- 97% confidence
- Finding
- akshare>=1.10.0
LOFMonitor Finance Stock Investment
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward LOF fund premium/discount monitoring script with dependency hygiene issues but no evidence of hidden, destructive, credential-seeking, or persistent behavior.
Before installing, consider pinning dependencies in a lockfile and adding beautifulsoup4 explicitly. Treat the output as informational market data, not financial advice, and be aware the script contacts third-party financial-data sites when run.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
akshare>=1.10.0 pandas>=1.5.0 requests>=2.28.0
- Confidence
- 89% confidence
- Finding
- pandas>=1.5.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
akshare>=1.10.0 pandas>=1.5.0 requests>=2.28.0
- Confidence
- 96% confidence
- Finding
- requests>=2.28.0
Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
High
- Category
- Supply Chain
- Confidence
- 86% confidence
- Finding
- requests
VirusTotal
65/65 vendors flagged this skill as clean.