Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
requests>=2.28.0 pandas>=1.5.0 numpy>=1.21.0
- Confidence
- 96% confidence
- Finding
- requests>=2.28.0
股票技术分析 (Stock Technical Analysis)
Security checks across malware telemetry and agentic risk
Overview
The only substantiated concerns are dependency hygiene issues, not hidden or purpose-mismatched behavior.
Before installing, prefer a version with pinned or locked dependencies and run dependency scanning in your environment. Treat the current package as acceptable from the available evidence, but review the full skill instructions and scripts if you need stronger supply-chain assurance.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
requests>=2.28.0 pandas>=1.5.0 numpy>=1.21.0
- Confidence
- 96% confidence
- Finding
- pandas>=1.5.0
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
requests>=2.28.0 pandas>=1.5.0 numpy>=1.21.0
- Confidence
- 96% confidence
- Finding
- numpy>=1.21.0
Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
High
- Category
- Supply Chain
- Confidence
- 74% confidence
- Finding
- requests
Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more
Critical
- Category
- Supply Chain
- Confidence
- 83% confidence
- Finding
- numpy
VirusTotal
65/65 vendors flagged this skill as clean.