Unpinned Dependencies
- Category: Supply Chain
- Content: requests>=2.31.0 beautifulsoup4>=4.12.0 pandas>=2.0.0 numpy>=1.24.0
- Confidence: 96% confidence
- Finding: requests>=2.31.0
Security audit
Security checks across malware telemetry and agentic risk
This skill does not show data theft or destructive behavior, but its advertised live Amazon and supplier research features are mostly unfinished, even though users may pay for it and provide API keys.
Review before installing or paying. The main risk is not malware-like behavior; it is that the skill markets real-time product discovery and supplier recommendations while the provided code appears to be a prototype. Do not place API keys in prompt-visible files such as TOOLS.md, and do not rely on this tool for business decisions unless the publisher provides working, verifiable data integrations and pinned dependencies.
requests>=2.31.0 beautifulsoup4>=4.12.0 pandas>=2.0.0 numpy>=1.24.0 python-dotenv>=1.0.0 aiohttp>=3.9.0
65/65 vendors flagged this skill as clean.
No suspicious patterns detected.