Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pandas>=1.5.0 matplotlib>=3.5.0 openpyxl>=3.0.0 xlrd>=2.0.0
- Confidence
- 93% confidence
- Finding
- pandas>=1.5.0
data-scatter-plot
Security checks across malware telemetry and agentic risk
Overview
This skill is a local CSV/Excel plotting tool; the only notable issue is ordinary dependency version drift, not hidden or unsafe behavior.
Install dependencies from a trusted Python package source and consider pinning versions or using a lock file if reproducibility matters. Use the skill only with data files and output folders you intend it to access, since generated plot files may overwrite same-named outputs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pandas>=1.5.0 matplotlib>=3.5.0 openpyxl>=3.0.0 xlrd>=2.0.0
- Confidence
- 93% confidence
- Finding
- matplotlib>=3.5.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pandas>=1.5.0 matplotlib>=3.5.0 openpyxl>=3.0.0 xlrd>=2.0.0
- Confidence
- 94% confidence
- Finding
- openpyxl>=3.0.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pandas>=1.5.0 matplotlib>=3.5.0 openpyxl>=3.0.0 xlrd>=2.0.0
- Confidence
- 92% confidence
- Finding
- xlrd>=2.0.0
VirusTotal
66/66 vendors flagged this skill as clean.