Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pytest>=7.0.0 pyyaml>=6.0
- Confidence
- 91% confidence
- Finding
- pytest>=7.0.0
Api Doc Gen
Security checks across malware telemetry and agentic risk
Overview
This appears to be a local API documentation generator with dependency hygiene issues but no hidden, destructive, or data-exfiltrating behavior found.
Install in an isolated environment, pin or lock pytest and PyYAML to reviewed versions before production use, and run batch mode only on project directories you intend to document because generated files may reveal internal API names and routes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pytest>=7.0.0 pyyaml>=6.0
- Confidence
- 97% confidence
- Finding
- pyyaml>=6.0
Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)
Low
- Category
- Supply Chain
- Confidence
- 68% confidence
- Finding
- pytest
Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 99% confidence
- Finding
- pyyaml
VirusTotal
60/60 vendors flagged this skill as clean.