neurokit2

skills-sh:davila7_claude-code-templates__neurokit2

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

pip install arbitrary package EXTDL_009

external-download L271

Detects pip install of arbitrary packages that modify the host environment

pip install ne

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

pip install arbitrary package EXTDL_009

external-download L276

Detects pip install of arbitrary packages that modify the host environment

pip install ht

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

Package install from arbitrary URL SUPPLY_014

supply-chain L276

Detects installing packages directly from URLs instead of registries

pip install https://github.com/neuropsychology/NeuroKit/zipball/dev

FIX

Review installation scripts for commands that persist beyond the package installation (e.g., adding cron jobs, modifying system configs, installing additional packages).

FP?

Likely FP if the persistence mechanism is a standard setup step (e.g., adding the tool to PATH) documented in the installation instructions.