Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
playwright>=1.40 Pillow>=10.0
- Confidence
- 94% confidence
- Finding
- playwright>=1.40
Open Slide
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it claims: help create and export open-slide presentations, with ordinary dependency and artifact-sharing cautions.
Install only if you are comfortable allowing the agent to run npm or pnpm, pip, Playwright/Chromium, and local browser-based export commands. Prefer pinned dependency versions in a controlled environment, review generated PDFs or ZIP contents before sharing, and avoid the optional CDP connection unless you deliberately want the script to use an already-running browser session.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
playwright>=1.40 Pillow>=10.0
- Confidence
- 97% confidence
- Finding
- Pillow>=10.0
Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 90% confidence
- Finding
- Pillow
VirusTotal
65/65 vendors flagged this skill as clean.