Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pytest-cov>=4.1.0 pytest-mock>=3.12.0 httpx-mock>=0.15.0 black>=24.0.0 mypy>=1.8.0 ruff>=0.2.0
- Confidence
- 98% confidence
- Finding
- black>=24.0.0
Câmara dos Deputados
Security checks across malware telemetry and agentic risk
Overview
This skill is a read-only helper for public Brazilian Chamber of Deputies data, with dependency hygiene issues but no hidden or harmful behavior found.
This skill is reasonable to install for public Câmara dos Deputados research. Be aware that search terms and requested IDs/dates are sent to the public government API, and if you run the bundled Python tooling locally or in CI, use a virtual environment and pin or update dependencies, especially the development formatter dependency.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
httpx>=0.27.0
- Confidence
- 96% confidence
- Finding
- httpx>=0.27.0
Known Vulnerable Dependency: black — 3 advisory(ies): CVE-2026-32274 (Black: Arbitrary file writes from unsanitized user input in cache file name); CVE-2024-21503 (Black vulnerable to Regular Expression Denial of Service (ReDoS)); CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to Regular Expression)
High
- Category
- Supply Chain
- Confidence
- 93% confidence
- Finding
- black
VirusTotal
67/67 vendors flagged this skill as clean.