Back to skill

Security audit

IPO Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a local IPO filing review tool whose file access and report generation match its stated purpose.

Before installing, remember that the tool processes sensitive IPO materials locally and its generated output files can contain extracted financial facts and source snippets. Use it in a trusted local environment, protect the output directory, and consider pinning dependencies for reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymupdf>=1.24.0
python-docx>=1.1.0
openpyxl>=3.1.0
pytest>=8.0.0
Confidence
92% confidence
Finding
pymupdf>=1.24.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymupdf>=1.24.0
python-docx>=1.1.0
openpyxl>=3.1.0
pytest>=8.0.0
Confidence
92% confidence
Finding
python-docx>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymupdf>=1.24.0
python-docx>=1.1.0
openpyxl>=3.1.0
pytest>=8.0.0
Confidence
92% confidence
Finding
openpyxl>=3.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymupdf>=1.24.0
python-docx>=1.1.0
openpyxl>=3.1.0
pytest>=8.0.0
Confidence
94% confidence
Finding
pytest>=8.0.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.