Back to skill

Security audit

NLP Text Analyzer

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows ordinary NLP dependencies with a low supply-chain reproducibility issue, not hidden or harmful behavior.

Before installing, consider whether you are comfortable with unpinned Python dependencies being resolved at install time. For stricter environments, pin exact versions or use a lockfile. No artifact evidence here indicates malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
textblob>=0.17.1
Confidence
92% confidence
Finding
jieba>=0.42.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
textblob>=0.17.1
Confidence
92% confidence
Finding
snownlp>=0.12.3

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
textblob>=0.17.1
Confidence
92% confidence
Finding
textblob>=0.17.1

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.