molfeat
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation and examples (specifically in
SKILL.mdandreferences/examples.md) demonstrate the use of Python'spicklemodule to cache molecular embeddings. Thepickle.load()function is inherently unsafe as it can be used to execute arbitrary code if the loaded file has been maliciously crafted or tampered with. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
molfeatlibrary and several optional feature-specific extensions (e.g.,dgl,graphormer,transformers) from public package registries. - [COMMAND_EXECUTION]: The skill includes shell commands for the installation of necessary dependencies using the
uvpackage manager.
Audit Metadata