Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)
Low
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- pytest
电商产品描述批量生成器
Security checks across malware telemetry and agentic risk
Overview
This is a local ecommerce copy generator with expected CSV input and file output behavior, and no evidence of hidden access, network use, credentials, persistence, or destructive actions.
Reasonable to install for local product-copy generation. Only point the CSV input at files you intend to process, choose output paths carefully because existing files can be overwritten, and update or pin pytest if you plan to run the test suite in shared or CI environments.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
67/67 vendors flagged this skill as clean.