Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"install:browser": "playwright install chromium" }, "dependencies": { "playwright": "^1.58.2" } }- Confidence
- 89% confidence
- Finding
- "playwright": "^1.58.2"
Direct WeChat Article Reader
Security checks across malware telemetry and agentic risk
Overview
This skill behaves like a disclosed WeChat article reader, with ordinary npm and Playwright setup risks but no evidence of hidden data access or harmful behavior.
Install only if you are comfortable with npm dependencies and a Playwright browser download running locally. Use it for intended WeChat article links, and consider a sandboxed workspace if your environment has sensitive network access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
66/66 vendors flagged this skill as clean.