boron-nmr-predict

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file src/core/ml_features.py deserializes ml_feature_scaler.pkl with pickle.load(). Because pickle can invoke arbitrary callables during deserialization, an attacker who compromises the model repository, or intercepts the download performed by scripts/ensure_model.py, can execute arbitrary code on the user's system as soon as the skill loads the scaler.
  • [EXTERNAL_DOWNLOADS]: The skill downloads model weights and pre-processing files from a remote repository: scripts/ensure_model.py uses the huggingface_hub library to fetch files from SII-AI4Chem/boron-nmr-predict-model. Although the target repository is fixed, downloading content from an external source and then executing it (via pickle) is a supply-chain risk: whoever can write to that repository, or alter the download in transit, controls what runs locally.
  • [COMMAND_EXECUTION]: The skill ships shell scripts (scripts/setup_env.sh and scripts/run_example.sh) that create a conda environment, install dependencies with pip and run Python scripts. They do not use sudo, but they make significant changes to the user's environment and install unpinned packages from requirements files, so the exact code installed depends on what the package index serves at run time.
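The pickle finding is the one with a concrete, testable mitigation. The following is an added example and not code from the boron-nmr-predict skill or its model repository. It builds a pickle that runs a command when loaded, exactly as pickle.load() on a tampered ml_feature_scaler.pkl would, and then shows the two controls a loader like src/core/ml_features.py should apply before trusting a downloaded artifact: a pinned SHA-256 digest compared before unpickling, and an Unpickler whose find_class resolves only an allowlist of globals. The Payload class, the stand-in dict scaler, the ALLOWED_GLOBALS table and all function names are assumptions made for the demonstration; a real scikit-learn scaler would reference sklearn and numpy classes instead of a plain dict.

```python
"""Unsafe vs. guarded loading of a pickled pre-processing artifact.

Added example, not the skill's own code. The Payload class, the stand-in
scaler (a plain dict), ALLOWED_GLOBALS and the function names are assumptions.
"""
import hashlib
import hmac
import io
import pickle
import subprocess
import sys


class Payload:
    """Malicious object: unpickling it invokes subprocess.check_output."""

    def __reduce__(self):
        # pickle stores (callable, args) and calls callable(*args) at load time.
        # A real attacker would run anything; this one just prints a marker.
        return (subprocess.check_output,
                ([sys.executable, "-c", "print('pwned')"],))


def build_malicious_pickle() -> bytes:
    """What an attacker would push to the model repo or swap in during transit."""
    return pickle.dumps(Payload())


def build_benign_scaler_pickle() -> bytes:
    """Constructed stand-in for ml_feature_scaler.pkl: fitted mean and scale."""
    return pickle.dumps({"mean": [0.5, 1.5], "scale": [2.0, 4.0]})


def unsafe_load(blob: bytes):
    """Equivalent of pickle.load(open(path, 'rb')): runs whatever is inside."""
    return pickle.loads(blob)


# Exact (module, name) pairs the trusted artifact is allowed to reference.
# The dict stand-in needs none; a real scaler would list the sklearn/numpy
# symbols found in a known-good file (assumption: enumerate them, not '*').
ALLOWED_GLOBALS = frozenset({
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "float"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses any global not on the allowlist, so no callable can be reached."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def load_verified(blob: bytes, expected_sha256: str):
    """Compare against a digest pinned in the skill, then unpickle restrictively."""
    if not hmac.compare_digest(sha256_hex(blob), expected_sha256):
        raise ValueError("artifact digest mismatch; refusing to unpickle")
    return restricted_load(blob)


def try_load(blob: bytes, expected_sha256: str):
    """Return (ok, object_or_reason) so callers can log why a file was refused."""
    try:
        return True, load_verified(blob, expected_sha256)
    except (ValueError, pickle.UnpicklingError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    good = build_benign_scaler_pickle()
    bad = build_malicious_pickle()
    print("unsafe_load(bad) ->", unsafe_load(bad))          # command ran
    print("verified good ->", try_load(good, sha256_hex(good)))
    print("verified bad  ->", try_load(bad, sha256_hex(good)))   # digest mismatch
    print("restricted bad->", try_load(bad, sha256_hex(bad)))    # global blocked
```

The digest check covers the in-transit case; pinning the `revision` argument of `hf_hub_download` to a commit hash rather than a branch name covers the "repository changed after audit" case. Neither makes pickle safe on its own, which is why the allowlist still gates the actual load. For a scaler the cleaner fix is to avoid pickle entirely and store the fitted arrays as JSON or .npy, then rebuild the scaler from them.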
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 30, 2026, 06:44 AM