Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# 核心依赖 faiss-cpu>=1.7.4 numpy>=1.21.0 pandas>=1.3.0
- Confidence
- 87% confidence
- Finding
- faiss-cpu>=1.7.4
CNC Quote System
Security checks across malware telemetry and agentic risk
Overview
This is a local CNC quoting helper with ordinary dependency hygiene risks but no evidence of hidden data access, exfiltration, persistence, or destructive behavior.
Install in a virtual environment, pin or lock the Python dependencies before relying on it operationally, and treat generated quotes as estimates that need human review. Only populate cases.json with data you are comfortable storing locally.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# 核心依赖 faiss-cpu>=1.7.4 numpy>=1.21.0 pandas>=1.3.0 # 可选依赖
- Confidence
- 93% confidence
- Finding
- numpy>=1.21.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
# 核心依赖 faiss-cpu>=1.7.4 numpy>=1.21.0 pandas>=1.3.0 # 可选依赖 # ollama>=0.1.0 # 向量嵌入(可选)
- Confidence
- 93% confidence
- Finding
- pandas>=1.3.0
VirusTotal
63/63 vendors flagged this skill as clean.