Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
Pillow>=10.0,<13 numpy>=1.24
- Confidence
- 83% confidence
- Finding
- numpy>=1.24
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to be a straightforward local animated-sticker maker, with dependency hygiene risks but no evidence of hidden data access or malicious behavior.
Before installing, use an isolated environment and ensure dependency resolution installs a current patched Pillow release rather than an old 10.0.x version. Treat generated packages as containing user-derived image material, and use --include-reference only when you intentionally want the original image copied into the output package.
Pillow>=10.0,<13 numpy>=1.24
63/63 vendors flagged this skill as clean.
No suspicious patterns detected.