Python Support

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Python helper skill. Its package-install guidance fits its purpose, but it should be followed with the same precautions that apply to any dependency install.

The install guidance is reasonable for Python workflow assistance. Before following its install examples, use a virtual environment or sandbox, install only trusted and preferably pinned packages, and require explicit user approval before an agent runs pip or auto-installs dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs agents to install packages with pip and even provides subprocess-based auto-install logic, but it does not require use of an isolated virtual environment, user confirmation, dependency pinning, or trust controls. In an agent context, this can lead to unintended system modification, supply-chain exposure, and execution of unreviewed package installation steps on the host environment.
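The precautions this finding asks for (an isolated virtual environment, pinned and trusted packages, explicit user approval before an agent runs pip) as an added worked example; this is not code from the skill or from SkillSpector. `naive_auto_install` reproduces the flagged subprocess pattern for contrast, while `gated_install_command` refuses unless every check passes and only then returns the pip command. The trusted-package allowlist, the approval callback and the requirement strings are assumptions made up for illustration.

```python
"""Gate an agent's pip installs behind isolation, pinning, trust and approval checks.

Added example for the SkillSpector finding above; not the skill's own code.
"""
import re
import subprocess
import sys
from typing import Callable, Iterable, List, Optional

# A pinned requirement is exactly "name[extras]==version": no ranges, no bare names.
_PINNED = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"(?:\[[A-Za-z0-9._,-]*\])?==(?P<version>[A-Za-z0-9.!+*]+)$"
)


class InstallRefused(RuntimeError):
    """Raised when the gate declines to build a pip command."""


def normalize_name(name: str) -> str:
    """PEP 503 normalization so 'Requests_Toolbelt' and 'requests-toolbelt' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pinned(requirement: str) -> Optional[str]:
    """Return the normalized project name if the requirement is pinned, else None."""
    m = _PINNED.match(requirement.strip())
    return normalize_name(m.group("name")) if m else None


def in_virtualenv() -> bool:
    """venv and virtualenv both make sys.prefix differ from the base interpreter prefix."""
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)


def naive_auto_install(package: str) -> None:
    """The pattern the finding flags: unconditional install into whatever interpreter
    the agent is running, with no pin, no prompt and no trust check."""
    subprocess.check_call([sys.executable, "-m", "pip", "install", package])


def gated_install_command(
    requirements: Iterable[str],
    trusted: Iterable[str],
    approve: Callable[[str], bool],
    isolated: Optional[bool] = None,
) -> List[str]:
    """Build the pip command only if every control passes.

    trusted  - allowlist of project names the operator has reviewed (assumed input)
    approve  - callback that shows the summary to a human and returns True to proceed
    isolated - override for in_virtualenv(), mainly for tests
    """
    reqs = [r.strip() for r in requirements]
    isolated = in_virtualenv() if isolated is None else isolated
    trusted_norm = {normalize_name(t) for t in trusted}
    problems = []
    if not isolated:
        problems.append("interpreter is not a virtual environment")
    for req in reqs:
        name = parse_pinned(req)
        if name is None:
            problems.append(f"not pinned to an exact version: {req!r}")
        elif name not in trusted_norm:
            problems.append(f"not on the trusted list: {req!r}")
    if problems:
        # Refuse before asking: a prompt is not a substitute for the other controls.
        raise InstallRefused("; ".join(problems))
    summary = "pip install " + " ".join(reqs)
    if not approve(summary):
        raise InstallRefused("install not approved by the user")
    # --require-virtualenv makes pip itself abort outside a venv, as defence in depth.
    return [sys.executable, "-m", "pip", "install", "--require-virtualenv",
            "--no-cache-dir", *reqs]


def gated_install(requirements, trusted, approve, runner=subprocess.check_call):
    """Run the gated command; `runner` is injectable so callers can dry-run or log."""
    return runner(gated_install_command(requirements, trusted, approve))


if __name__ == "__main__":
    # Constructed demo: print the command instead of executing it.
    def ask(summary: str) -> bool:
        return input(f"Run '{summary}'? [y/N] ").strip().lower() == "y"

    try:
        print(gated_install(["requests==2.32.3"], {"requests"}, ask, runner=lambda c: c))
    except InstallRefused as exc:
        print("refused:", exc)
```

The gate fails closed: missing isolation, an unpinned or untrusted requirement, or a declined prompt each raise `InstallRefused` before any subprocess is started, and the approval prompt is only reached after the mechanical checks pass so a user is never asked to approve an install that would be rejected anyway.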

VirusTotal

67/67 vendors flagged this skill as clean.
