Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
playwright>=1.40.0 selenium>=4.15.0 pytest>=7.0.0
- Confidence
- 95% confidence
- Finding
- playwright>=1.40.0
Security audit
Website Screenshot Tool
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward website screenshot tool; its browser automation and file output match its stated purpose, though dependencies should be pinned before serious use.
Install it only where automated browser visits to the URLs you provide are acceptable, especially if the runtime can reach private/internal sites. For production or CI, pin dependencies with a lockfile and run browser automation in an isolated environment with a dedicated output directory.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
playwright>=1.40.0 selenium>=4.15.0 pytest>=7.0.0
- Confidence
- 98% confidence
- Finding
- selenium>=4.15.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
playwright>=1.40.0 selenium>=4.15.0 pytest>=7.0.0
- Confidence
- 91% confidence
- Finding
- pytest>=7.0.0
Known Vulnerable Dependency: selenium — 2 advisory(ies): CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content ); CVE-2023-5590 (NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.)
Critical
- Category
- Supply Chain
- Confidence
- 90% confidence
- Finding
- selenium
Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)
Low
- Category
- Supply Chain
- Confidence
- 65% confidence
- Finding
- pytest
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.