Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-pptx>=0.6.21 markdown>=3.4.4 pydantic>=2.0.0 click>=8.1.0
- Confidence
- 90% confidence
- Finding
- python-pptx>=0.6.21
Sum2Slides Pro
Security checks across malware telemetry and agentic risk
Overview
This skill is a local text-to-PowerPoint converter with ordinary file I/O and dependency risks, but no evidence of hidden data access, persistence, exfiltration, or destructive behavior.
Install in a virtual environment and prefer a locked dependency file or reviewed pinned versions before production use. Be cautious with untrusted Markdown inputs, and verify any external PyPI or GitHub source if you install outside the ClawHub artifact.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-pptx>=0.6.21 markdown>=3.4.4 pydantic>=2.0.0 click>=8.1.0 pyyaml>=6.0
- Confidence
- 90% confidence
- Finding
- markdown>=3.4.4
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-pptx>=0.6.21 markdown>=3.4.4 pydantic>=2.0.0 click>=8.1.0 pyyaml>=6.0
- Confidence
- 90% confidence
- Finding
- pydantic>=2.0.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-pptx>=0.6.21 markdown>=3.4.4 pydantic>=2.0.0 click>=8.1.0 pyyaml>=6.0
- Confidence
- 88% confidence
- Finding
- click>=8.1.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
markdown>=3.4.4 pydantic>=2.0.0 click>=8.1.0 pyyaml>=6.0
- Confidence
- 95% confidence
- Finding
- pyyaml>=6.0
Known Vulnerable Dependency: markdown — 2 advisory(ies): CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like se)
High
- Category
- Supply Chain
- Confidence
- 78% confidence
- Finding
- markdown
Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)
High
- Category
- Supply Chain
- Confidence
- 81% confidence
- Finding
- pydantic
Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 93% confidence
- Finding
- pyyaml
VirusTotal
66/66 vendors flagged this skill as clean.