mlflow

skills-sh:davila7_claude-code-templates__mlflow

View source

85/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

85/100

HIGH 1

LOW 2

Findings (3)

HIGH

Localhost bypass SSRF_006

ssrf-cloud L1827

Detects alternative representations of localhost used to bypass SSRF filters

curl
http://127.0.0.1:

FIX

Prevent URL redirection from bypassing SSRF protections. Validate the final destination URL after following redirects and block redirect chains that resolve to internal addresses.

FP?

Likely FP if the match is documentation about redirect handling behavior without an actual open redirect vulnerability.

LOW

pip install arbitrary package EXTDL_009

external-download L37

Detects pip install of arbitrary packages that modify the host environment

pip
install
ml

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

pip install arbitrary package EXTDL_009

external-download L41

Detects pip install of arbitrary packages that modify the host environment

pip
install
ml

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.