world-labs-export

[Skill Scanner] Download or install from free hosting/deployment platform detected This file is primarily documentation describing export formats, coordinate conversions, and third-party tools/plugins. There is no embedded malicious code, obfuscation, or direct credential harvesting. However, the declared allowed-tools (Bash and WebFetch) are broader than necessary for a documentation-only skill and allow downloading and executing arbitrary third-party code referenced in the document. That capability could be abused for supply-chain attacks if an agent is permitted to run those tools automatically. Recommend: treat external converter domains as untrusted, avoid automated execution of downloads from non-official sources, and reduce allowed-tools scope for a documentation skill (remove Bash if no execution is needed). Overall: low probability of embedded malware in this file (it is docs), but moderate security risk due to operational privileges that could enable malicious flows. LLM verification: Overall, the fragment is benign documentation describing export formats and integrations for World Labs assets. The sole notable element is a publicly hosted external conversion tool link, which a legitimate developer might reference for format conversion. No executable code, credentials, or data exfiltration patterns are present. This aligns with a non-executable skill/documentation footprint.