elite-powerpoint-designer

skills-sh:willem4130_claude-code-skills__elite-powerpoint-designer

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Unverified npx package execution EXTDL_008

external-download L378

Detects npx executing packages from unverified sources without pinned versions

npx @smithery/cli

FIX

Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.

FP?

Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.

LOW

pip install arbitrary package EXTDL_009

external-download L381

Detects pip install of arbitrary packages that modify the host environment

pip install py

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

pip install arbitrary package EXTDL_009

external-download L386

Detects pip install of arbitrary packages that modify the host environment

pip install py

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.