nano-world-model

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download a pre-trained model file (i3d_torchscript.pt) from a Dropbox URL using curl. It also provides code to download model checkpoints (checkpoint.ckpt) from HuggingFace repositories under the user account knightnemo.
  • [REMOTE_CODE_EXECUTION]: The skill provides Python examples that load the downloaded checkpoint files with torch.load(). PyTorch checkpoints and TorchScript models are often stored using the Python pickle module, which is unsafe for data from untrusted or external sources: loading a file that contains a malicious payload can lead to arbitrary code execution.
  • [COMMAND_EXECUTION]: The installation process clones a repository from GitHub and creates a Conda environment, which means executing multiple shell commands and scripts from an external repository.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 05:58 AM