Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
chinese-calendar
- Confidence
- 94% confidence
- Finding
- chinese-calendar
China Holiday Calculator
Security checks across malware telemetry and agentic risk
Overview
This is a local China holiday lookup skill with no evidence of hidden data access, persistence, or destructive behavior.
Reasonable to install for local holiday checks. For managed or production use, pin and review the chinese-calendar dependency, verify the publisher/provenance metadata if that matters to your workflow, and confirm the vacation data file path is fixed or placed where the script expects it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
65/65 vendors flagged this skill as clean.