Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
rich PyYAML
- Confidence
- 96% confidence
- Finding
- rich
Novel Writer V2
Security checks across malware telemetry and agentic risk
Overview
This skill is a local novel-writing prompt generator with disclosed file reads and writes, and no evidence of hidden network, credential, or destructive behavior.
Install only in an isolated project environment, pin the Python dependencies before long-term use, and run it against a dedicated novel project folder rather than broad private directories. Be careful with --outline and --output paths because the script relies on user-provided paths and can write wherever the invoking user has permission.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
rich PyYAML
- Confidence
- 99% confidence
- Finding
- PyYAML
Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 98% confidence
- Finding
- PyYAML
VirusTotal
66/66 vendors flagged this skill as clean.