Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pandas scipy
- Confidence
- 97% confidence
- Finding
- numpy
Clinical Data Cleaner
Security checks across malware telemetry and agentic risk
Overview
This is a local clinical data cleaning skill whose dataset changes are disclosed and purpose-aligned, with dependency pinning and regulatory review as the main cautions.
Install and run this only in a controlled environment. Pin and review dependency versions, keep raw clinical data unchanged, run the tool on copies, prefer flagging over removal or capping unless approved, protect any PHI or trial identifiers in outputs, and require independent clinical/statistical/regulatory QC before relying on results for submissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pandas scipy
- Confidence
- 97% confidence
- Finding
- pandas
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
numpy pandas scipy
- Confidence
- 97% confidence
- Finding
- scipy
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- numpy
Known Vulnerable Dependency: pandas — 1 advisory(ies): CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an)
High
- Category
- Supply Chain
- Confidence
- 74% confidence
- Finding
- pandas
Known Vulnerable Dependency: scipy — 4 advisory(ies): CVE-2013-4251 (SciPy creates insecure temporary directories); CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temporary dire); CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovered in scipy) +1 more
High
- Category
- Supply Chain
- Confidence
- 86% confidence
- Finding
- scipy
VirusTotal
66/66 vendors flagged this skill as clean.