Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# IPO监控技能 V2 # Python依赖 requests>=2.28.0 urllib3>=1.26.0 beautifulsoup4>=4.11.0 pyyaml>=6.0
- Confidence
- 91% confidence
- Finding
- requests>=2.28.0
IPO监控
Security checks across malware telemetry and agentic risk
Overview
This skill matches its stated IPO-monitoring purpose and shows no hidden, destructive, or deceptive behavior.
Before installing, confirm that sending IPO report content and operational alerts to your Feishu workspace is acceptable, keep webhook URLs secret, run in test mode first, and pin reviewed patched dependency versions if deploying this on a schedule.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# Python依赖 requests>=2.28.0 urllib3>=1.26.0 beautifulsoup4>=4.11.0 pyyaml>=6.0
- Confidence
- 91% confidence
- Finding
- urllib3>=1.26.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# Python依赖 requests>=2.28.0 urllib3>=1.26.0 beautifulsoup4>=4.11.0 pyyaml>=6.0
- Confidence
- 85% confidence
- Finding
- beautifulsoup4>=4.11.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
requests>=2.28.0 urllib3>=1.26.0 beautifulsoup4>=4.11.0 pyyaml>=6.0
- Confidence
- 94% confidence
- Finding
- pyyaml>=6.0
Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
High
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- requests
Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more
High
- Category
- Supply Chain
- Confidence
- 90% confidence
- Finding
- urllib3
Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 96% confidence
- Finding
- pyyaml
VirusTotal
66/66 vendors flagged this skill as clean.