Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pyyaml>=6.0.1 rich>=13.7.0
- Confidence
- 93% confidence
- Finding
- pyyaml>=6.0.1
Outline Generator
Security checks across malware telemetry and agentic risk
Overview
This skill is a local Chinese novel-outline generator, and its file access and dependencies are proportionate to that purpose.
Reasonable to install for local outline generation. Prefer installing in a virtual environment, review the output path before running because the script writes a Markdown file there, and consider pinning dependency versions if you need reproducible builds.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
pyyaml>=6.0.1 rich>=13.7.0
- Confidence
- 92% confidence
- Finding
- rich>=13.7.0
Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Critical
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- pyyaml
VirusTotal
64/64 vendors flagged this skill as clean.