lammps-simulation
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

This skill is consistent with its stated purpose: preparing and running LAMMPS simulations and obtaining force-field parameters from literature. I found no hard-coded credentials, obfuscation, or code that would directly exfiltrate data or spawn backdoors. The primary risk is operational: the agent is allowed to fetch arbitrary web resources and execute shell commands, so a compromised agent or unvetted download could lead to running attacker-supplied binaries or malicious files on the host. Use of this skill should be limited to trusted environments, and downloaded potential files and binaries should be validated (checksums, trusted sources) before execution. Overall, the content appears benign for its purpose but operational controls are recommended.

LLM verification: No direct malicious code or intent is present in this SKILL.md fragment. The skill's instructions and capabilities are coherent for running LAMMPS, but it delegates parameter discovery and external downloads to the agent without recommending integrity checks or specifying trusted sources. That creates a moderate supply-chain risk: unverified external potential files or supplementary materials could be malicious or tampered with. Recommend requiring validation of downloads (checksums, authoritati