pymol

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: CRITICAL
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/setup_pymol.py executes system commands via subprocess.run to manage package installations using pip and brew.
  • [REMOTE_CODE_EXECUTION]: The skill sends Python code snippets to a local TCP socket (localhost:9880) to be executed by the PyMOL interpreter via the claudemol plugin.
  • [EXTERNAL_DOWNLOADS]: The skill fetches protein structures from the RCSB PDB database and downloads the Homebrew installation script from GitHub. These are well-known, trusted sources for scientific software.
  • [SAFE]: The automated scanner alert for socket.AF is a false positive identifying the standard socket.AF_INET address family constant used in Python's networking library.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 25, 2026, 11:02 PM